tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Tomcat cross-site scripting vulnerability
Date Fri, 04 Jul 2014 13:31:59 GMT
On 04/07/2014 14:12, carl wrote:
> Our latest PCI scan using the Saint scanner shows the following:
> 
> 404 Error Page Cross Site Scripting Vulnerability
> 12/21/09
> Apache Tomcat is prone to a cross-site scripting vulnerability because
> it fails to properly sanitize user-supplied input.
> An attacker may leverage this issue to execute arbitrary script code in
> the browser
> of an unsuspecting user in the context of the affected site.
> 
> Is there any way to mitigate this vulnerability (I suspect anyone using
> Tomcat is going to see the same thing)?

What vulnerability? I don't see any evidence (no Tomcat version, no CVE
reference, no PoC) to back up the claim of a vulnerability.

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message