***** This writing is part of Malloc() Hackers & Malloc() Security *****
http://www.malloc.tk
http://www.superw00t.com
*******************************************************************************
Title: Apache Tomcat 4.1 Cross-Site Scripting Vulnerability
Author: Skinnay of Malloc()
Contact: "Skinnay" - (skinnayat_private)

No modification of the contents of this file should be made without direct
consent of the author or of Malloc() hackers or Malloc() Security.
************************************************************************

Apache Tomcat is a web server/servlet engine available for multiple *nix
platforms and Windows platforms. There exists a cross-site scripting
vulnerability in Apache Tomcat that may allow people to craft links to
vulnerable web servers and execute malicious instructions.

Exploitation:

Tested on Tomcat 4.1 / Linux

http://example.com:8080/666%0a%0a
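
Detection note (added example, not part of the original advisory): the request shown under Exploitation carries percent-encoded line feeds (%0a) in the URL path, so the Python code below flags access-log entries whose path decodes to control characters, including double-encoded forms. The Common Log Format layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Any C0 control character or DEL; none belongs in a decoded URL path
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


def decode_fully(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%250a) is caught too."""
    for _ in range(max_rounds):
        decoded = unquote(target, encoding="latin-1")
        if decoded == target:
            break
        target = decoded
    return target


def find_control_chars(log_lines):
    """Return (line_number, raw_target, control chars as hex) per flagged request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        raw = match.group("target")
        # Only the path is checked: a query string may carry multi-line form data.
        path = raw.split("?", 1)[0]
        found = CONTROL_RE.findall(decode_fully(path))
        if found:
            hits.append((number, raw, sorted({f"0x{ord(c):02x}" for c in found})))
    return hits


# Constructed sample log (assumption); status and size fields are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /index.jsp HTTP/1.0" 200 0',
    '192.0.2.11 - - [01/Jan/2003:10:00:05 +0000] "GET /666%0a%0a HTTP/1.0" 200 0',
    '192.0.2.12 - - [01/Jan/2003:10:00:09 +0000] "GET /docs%250d%250a HTTP/1.0" 200 0',
    '192.0.2.13 - - [01/Jan/2003:10:00:12 +0000] "GET /search?q=a%0ab HTTP/1.0" 200 0',
]

if __name__ == "__main__":
    for number, target, chars in find_control_chars(SAMPLE_LOG):
        print(f"line {number}: {target} -> control chars {chars}")
```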