RE: Apache Tomcat 4.1 Cross-Site Scripting Vulnerability

From: rulerpen (rulerpen@optonline.net)
Date: 08/22/02 

Date: Wed, 21 Aug 2002 19:17:28 -0400
From: rulerpen <rulerpen@optonline.net>
To: vuln-dev@securityfocus.com

Tested on Redhat 7.2 w/ tomcat 4.0.3 and didn't appear to work. 400
error page also.

Mike

-----Original Message-----
From: Chip McClure [mailto:vhm3@gigguardian.com]
Sent: Wednesday, August 21, 2002 7:07 PM
To: skinnay@skinnux.com
Cc: vuln-dev@securityfocus.com
Subject: Re: Apache Tomcat 4.1 Cross-Site Scripting Vulnerability

This doesn't appear to be backwards compatible, (possibly not even cross
platform) though.

Tested on an apache / tomcat 4.0.4 server, running FreeBSD. No alerts,
just an error 400 page...

I don't have access to a tomcat 4.1 system, so can't test there.

Chip

-----
Chip McClure
Sr. Unix Administrator
GigGuardian, Inc.

http://www.gigguardian.com/
-----

> ***** This writing is part of Malloc() Hackers & Malloc() Security
> *****
> http://www.malloc.tk
> http://www.superw00t.com
>
************************************************************************
*******>
> Title: Apache Tomcat 4.1 Cross-Site Scripting Vulnerability ~~~
> Author: Skinnay of Malloc()
> ~~~~~
>
> Contact: "Skinnay" - (skinnay@skinnux.com)
> ~~~~~~
>
> No modification of the contents of this file should be made without
> direct consent of the author or of Malloc() hackers or
> Malloc() Security.
> **********************************************************************
> **
>
>
>
> Apache Tomcat is a Webserver/servlet engine available for multiple
> *nix platforms and Windows platforms.
>
>
> There exist a cross-site scripting vulnerability in Apache Tomcat that

> may allow people to craft links to vulnerable webservers and execute
> malicious instructions.
>
>
> Exploitation:
>
> Tested on Tomcat 4.1 / Linux
>
> http://example.com:8080/666%0a%0a>alert("asdf");</script>666.js
> p
>
>
>
> Found by Skinnay of Malloc().. word.. :P