On 04/07/2014 14:12, carl wrote:
> Our latest PCI scan using the Saint scanner shows the following:
>
> 404 Error Page Cross Site Scripting Vulnerability
> 12/21/09
> Apache Tomcat is prone to a cross-site scripting vulnerability because
> it fails to properly sanitize user-supplied input.
> An attacker may leverage this issue to execute arbitrary script code in
> the browser of an unsuspecting user in the context of the affected site.
>
> Is there any way to mitigate this vulnerability (I suspect anyone using
> Tomcat is going to see the same thing)?

What vulnerability? I don't see any evidence (no Tomcat version, no CVE reference, no PoC) to back up the claim of a vulnerability.

Mark