Vulnerability Development mailing list archives
Apache Tomcat 4.1 Cross-Site Scripting Vulnerability
From: <skinnay () skinnux com>
Date: Wed, 21 Aug 2002 17:31:08 -0400 (EDT)
***** This writing is part of Malloc() Hackers & Malloc() Security *****
http://www.malloc.tk
http://www.superw00t.com
*******************************************************************************
Title: Apache Tomcat 4.1 Cross-Site Scripting Vulnerability
~~~
Author: Skinnay of Malloc()
~~~~~
Contact: "Skinnay" - (skinnay () skinnux com)
~~~~~~
No modification of the contents of this file should be made
without direct consent of the author or of Malloc() hackers or
Malloc() Security.
************************************************************************
Apache Tomcat is a Webserver/servlet engine available for multiple *nix
platforms and Windows platforms.
There exist a cross-site scripting vulnerability in Apache Tomcat
that may allow people to craft links to vulnerable webservers
and execute malicious instructions.
Exploitation:
Tested on Tomcat 4.1 / Linux
http://example.com:8080/666%0a%0a<script>alert("asdf");</script>666.jsp
Found by Skinnay of Malloc().. word.. :P
Current thread:
- Apache Tomcat 4.1 Cross-Site Scripting Vulnerability skinnay (Aug 21)
- Re: Apache Tomcat 4.1 Cross-Site Scripting Vulnerability Chip McClure (Aug 21)
- RE: Apache Tomcat 4.1 Cross-Site Scripting Vulnerability rulerpen (Aug 21)
- Re: Apache Tomcat 4.1 Cross-Site Scripting Vulnerability KF (Aug 21)
- Re: Apache Tomcat 4.1 Cross-Site Scripting Vulnerability Chip McClure (Aug 21)