tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brent Johnson" <bre...@reedyriverpress.com>
Subject Cross-Site Vulnerability
Date Mon, 08 Oct 2001 20:10:13 GMT
I contracted with a security company using JSP and I used Tomcat as
their engine.  They pointed out a notice on a security site about the
"Cross-Site Scripting Vulnerability".  I see there was a fix for that in
Tomcat 4.0 beta2, but what about 3.x??  I would assume so, but they were
asking, and I don't see anywhere that points out "yes, that has been
fixed."

Thanks,

- Brent

Mime
View raw message