Re: Apache Tomcat 4.1 Cross-Site Scripting Vulnerability

From: KF (dotslash@snosoft.com)
Date: 08/22/02 

Date: Wed, 21 Aug 2002 19:19:59 -0500
From: KF <dotslash@snosoft.com>
To: vhm3@io.gigguardian.com

Several of the example pages have similar issues.
-KF

Chip McClure wrote:

>This doesn't appear to be backwards compatible, (possibly not even cross
>platform) though.
>
>Tested on an apache / tomcat 4.0.4 server, running FreeBSD. No alerts, just
>an error 400 page...
>
>I don't have access to a tomcat 4.1 system, so can't test there.
>
>Chip
>
>-----
>Chip McClure
>Sr. Unix Administrator
>GigGuardian, Inc.
>
>http://www.gigguardian.com/
>-----
>
>
>
>>***** This writing is part of Malloc() Hackers & Malloc() Security
>>*****
>> http://www.malloc.tk
>> http://www.superw00t.com
>>
>>
>>
>*******************************************************************************>
>
>
>>Title: Apache Tomcat 4.1 Cross-Site Scripting Vulnerability
>>~~~
>> Author: Skinnay of Malloc()
>> ~~~~~
>>
>>Contact: "Skinnay" - (skinnay@skinnux.com)
>>~~~~~~
>>
>>No modification of the contents of this file should be made
>>without direct consent of the author or of Malloc() hackers or
>>Malloc() Security.
>>************************************************************************
>>
>>
>>
>>Apache Tomcat is a Webserver/servlet engine available for multiple *nix
>>platforms and Windows platforms.
>>
>>
>>There exist a cross-site scripting vulnerability in Apache Tomcat
>>that may allow people to craft links to vulnerable webservers
>>and execute malicious instructions.
>>
>>
>>Exploitation:
>>
>>Tested on Tomcat 4.1 / Linux
>>
>>http://example.com:8080/666%0a%0a>alert("asdf");</script>666.jsp
>>
>>
>>
>>Found by Skinnay of Malloc().. word.. :P
>>
>>
>
>
>
>
>
>
>
>