Apache Tomcat 4.1 Cross-Site Scripting Vulnerability

From: skinnay@skinnux.com
Date: 08/21/02

Date: Wed, 21 Aug 2002 17:31:08 -0400 (EDT)
From: <skinnay@skinnux.com>
To: <vuln-dev@securityfocus.com>

***** This writing is part of Malloc() Hackers & Malloc() Security *****

Title: Apache Tomcat 4.1 Cross-Site Scripting Vulnerability
                 Author: Skinnay of Malloc()

Contact: "Skinnay" - (skinnay@skinnux.com)

No modification of the contents of this file should be made
without direct consent of the author or of Malloc() hackers or
Malloc() Security.

Apache Tomcat is a Webserver/servlet engine available for multiple *nix
platforms and Windows platforms.

There exist a cross-site scripting vulnerability in Apache Tomcat
that may allow people to craft links to vulnerable webservers
and execute malicious instructions.


Tested on Tomcat 4.1 / Linux


Found by Skinnay of Malloc().. word.. :P