Full Disclosure mailing list archives
Re: Caucho Resin 2.x - Cross Site Scripting
From: jelmer <jkuperus () planet nl>
Date: Mon, 20 Oct 2003 12:33:06 +0200
----- Original Message -----
From: "Gregory Steuck" <greg-fulldisclosure () nest cx>
To: "jelmer" <jkuperus () planet nl>
Cc: "morning_wood" <se_cur_ity () hotmail com>; <full-disclosure () lists netsys com>
Sent: Monday, October 20, 2003 7:27 AM
Subject: Re: [Full-disclosure] Caucho Resin 2.x - Cross Site Scripting

"jelmer" == jelmer <jkuperus () planet nl> writes:

jelmer> Donny, These are in the example applications, which any sane
jelmer> admin should disable right away, much like caucho-status
jelmer> These are basic procedures in setting up a server.

Yes, but is it not extremely lame of the vendor to ship samples with XSS vulnerabilities?

The point of examples is usually to be as clear as possible so it's easy to understand. Adding filtering would just make the examples harder to read; it's not production code after all. I think it's perfectly OK if Caucho refuses to "fix" this.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:
- Caucho Resin 2.x - Cross Site Scripting morning_wood (Oct 19)
- Re: Caucho Resin 2.x - Cross Site Scripting jelmer (Oct 19)
- Re: Caucho Resin 2.x - Cross Site Scripting Gregory Steuck (Oct 20)
- Re: Caucho Resin 2.x - Cross Site Scripting jelmer (Oct 20)
- Re: Caucho Resin 2.x - Cross Site Scripting Gregory Steuck (Oct 20)
- Re: Caucho Resin 2.x - Cross Site Scripting jelmer (Oct 19)