Several of the example pages have similar issues.
-KF

Chip McClure wrote:

>This doesn't appear to be backwards compatible, (possibly not even cross
>platform) though.
>
>Tested on an apache / tomcat 4.0.4 server, running FreeBSD. No alerts, just
>an error 400 page...
>
>I don't have access to a tomcat 4.1 system, so can't test there.
>
>Chip
>
>-----
>Chip McClure
>Sr. Unix Administrator
>GigGuardian, Inc.
>
>http://www.gigguardian.com/
>-----
>
>>***** This writing is part of Malloc() Hackers & Malloc() Security *****
>>  http://www.malloc.tk
>>  http://www.superw00t.com
>>
>>*******************************************************************************
>>
>>Title: Apache Tomcat 4.1 Cross-Site Scripting Vulnerability
>>~~~
>>Author: Skinnay of Malloc()
>>~~~~~
>>
>>Contact: "Skinnay" - (skinnayat_private)
>>~~~~~~
>>
>>No modification of the contents of this file should be made
>>without direct consent of the author or of Malloc() hackers or
>>Malloc() Security.
>>************************************************************************
>>
>>Apache Tomcat is a Webserver/servlet engine available for multiple *nix
>>platforms and Windows platforms.
>>
>>There exists a cross-site scripting vulnerability in Apache Tomcat
>>that may allow people to craft links to vulnerable webservers
>>and execute malicious instructions.
>>
>>Exploitation:
>>
>>Tested on Tomcat 4.1 / Linux
>>
>>http://example.com:8080/666%0a%0a