jakarta-announcements mailing list archives

From "Remy Maucherat" <r...@apache.org>
Subject [SECURITY] Cross site scripting vulnerability revealed in 'examples' webapp of Apache Tomcat
Date Tue, 09 Apr 2002 17:18:02 GMT
Cross Site scripting security vulnerabilities exist in the 'examples' web
application which is distributed along with Apache Tomcat. This affects all
released versions of Tomcat, including 3.x and 4.x.

No other components of Tomcat are currently known to be vulnerable to cross
site scripting.

To address this security issue, administrators of public servers which have
deployed Apache Tomcat should make sure the 'examples' webapp is removed
from the deployed Tomcat installation.
The 'examples' webapp will be modified in future Apache Tomcat releases to
prevent cross site scripting.

Background information on cross site scripting: This allows a malicious
website to execute JavaScript code using the security policy of a trusted
domain.
More information: http://httpd.apache.org/info/css-security/

Remy and Larry
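
The removal step in the announcement above can be verified with a short audit script. This is an added example, not part of the original message or of Tomcat itself; it assumes a layout the announcement does not spell out, with deployed applications under `webapps/` and context mappings in `conf/server.xml`, and the function name `find_examples_webapp` is hypothetical.

```shell
#!/bin/sh
# Added example: audit a Tomcat installation for a deployed 'examples' webapp.
# Assumed layout (not stated in the announcement): applications live under
# $CATALINA_HOME/webapps and conf/server.xml may map a context to /examples.

# find_examples_webapp CATALINA_HOME
# Prints one finding per line.
# Returns 0 if nothing was found, 1 if the webapp is still reachable through
# the file system or the configuration, 2 if the directory is unusable.
find_examples_webapp() {
    home=$1
    [ -d "$home" ] || { echo "not a directory: $home" >&2; return 2; }
    found=0

    # An unpacked directory or a packed WAR both count as deployed.
    for p in "$home/webapps/examples" "$home/webapps/examples.war"; do
        if [ -e "$p" ]; then
            echo "deployed: $p"
            found=1
        fi
    done

    # A context entry can keep /examples mapped even when the docBase was
    # moved elsewhere. The match is line based, so a commented-out entry is
    # reported too and should be reviewed by hand.
    cfg="$home/conf/server.xml"
    if [ -f "$cfg" ]; then
        hits=$(grep -n 'path="/examples"' "$cfg" || true)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits" | while IFS= read -r line; do
                echo "context: $cfg:$line"
            done
            found=1
        fi
    fi

    return "$found"
}

# Stand-alone use: sh audit.sh /path/to/tomcat
if [ "$#" -gt 0 ]; then
    find_examples_webapp "$1"
fi
```

A non-zero exit status makes the script usable as a gate in a deployment or hardening check.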

