XSS issues have been reported in:
- the servlet 2.3 examples (including snoop.jsp)
- the manager servlet
- the servlet 2.4 examples (affects TC5 only)
All of these have been fixed in CVS.
Fixes for these are included in Tomcat 5.5.7 onwards.
Tomcat 4.1.31 still has the following XSS issues
I notice the "more..." at the end of that... do you have the more by chance?
Cross-site scripting (CSS) vulnerabilities are, generally speaking,
concerned with situations where a server-side process generates HTML
dynamically and there is a possibility of input data that has not been
scrubbed o
Our security tool produces the following warning against Tomcat 4.1.29 :
[HTTP/8080/TCP] Server is an enabling vector for cross-site scripting
exposure in clients [trace-1]. More...
I searched the mailing list and found several references to cross-site
scripting. Based on the information, I am
Shapira, Yoav wrote:
Howdy,
Fixed in the latest stable releases, upgrade and test for yourself.
Yoav Shapira
Millennium Research Informatics
-Original Message-
From: Rui Lopes [mailto:[EMAIL PROTECTED]
Sent: Monday, April 05, 2004 11:05 AM
To: [EMAIL PROTECTED]
Subject: Cross-site
Howdy,
Fixed in the latest stable releases, upgrade and test for yourself.
Yoav Shapira
Millennium Research Informatics
>-Original Message-
>From: Rui Lopes [mailto:[EMAIL PROTECTED]
>Sent: Monday, April 05, 2004 11:05 AM
>To: [EMAIL PROTECTED]
>Subject: Cross
Hi,
Running the Nikto security tool on Tomcat 4.1 produces a warning that it
is vulnerable to cross-site scripting attacks. This is the URL it gives
https://:443/666%0a%0aalert('Vulnerable');666.jsp
I edited the server IP above. I found a reference to this at
http://archives.neohapsis.co
Cross Site scripting security vulnerabilities exist in the 'examples' web
application which is distributed along with Apache Tomcat. This affects all
released versions of Tomcat, including 3.x and 4.x.
No other components of Tomcat are currently known to be vulnerable to cross
site scripting.
To
Hi all
this has probably been discussed long ago,
but I couldn't find any hints.
Is this fixed in tomcat 3.2.2?
thanks a lot
gruss
stefan
Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerab