tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remy Maucherat <>
Subject Re: Jakarta Tomcat 4.1 XSS vulnerability
Date Mon, 29 Sep 2003 20:06:08 GMT
David Rees wrote:

> Anyone know how serious this is?

If you're affected by XSS, then you have a problem (no site in the world 
deserves any privilege: *all* need javascript blocking these days).

> It also appears to affect Tomcat 4.1.27 when using mod_jk as well.  Below
> is a sample trace of a HTTP session.


View raw message