tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 32953] - SERVLETAPI: XSS Issues
Date Mon, 10 Jan 2005 19:05:43 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=32953>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=32953





------- Additional Comments From markt@apache.org  2005-01-10 20:05 -------
Yes, but that has nothing to do with the XSS issue.

The Manager application is for managing Tomcat. Therefore, if someone has access
to the manager application they are managing (or controlling if you prefer) Tomcat.

XSS issues provide an attacker that controls one (untrusted) web site with a
mechanism for executing code on a client as if it was from another (trusted) web
site. Try a google for XSS for more info.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message