Penetration Testing mailing list archives
XSS vulnerability on Apache Tomcat server
From: Erwin van der Zwan <erwin.zwan-van-der () siemens nl>
Date: 13 Aug 2002 06:59:40 -0000
I am currently pen-testing an Apache Tomcat v4.0.3 web server running on a Windows 2000 box. The server just provides access to an LDAP database through a search query. The box is connected directly to the Internet and seems to be protected by McAfee/PGP personal firewall/IDS which blocks the IP address for 30 minutes or so. TCP ports 21, 80, 389, 1002 and 1720 seems to be open, the rest is filtered/blocked. The server is running tomcat_server/servlet/JNDISearch Java LDAP search code. It seems to be vulnerable for XSS and path disclosure vulnerabilities. I got the path (D:\Tomcat\webapps) but any ideas on how to exploit the XSS vulnerability or advance with the test? Ideas? EvdZ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- XSS vulnerability on Apache Tomcat server Erwin van der Zwan (Aug 13)
- Re: XSS vulnerability on Apache Tomcat server Anthony LaMantia (Aug 14)
- <Possible follow-ups>
- Re: XSS vulnerability on Apache Tomcat server Muhammad Faisal Rauf Danka (Aug 21)