It also fixes the following, which wasn't mentioned in the summary (or
elsewhere, as far as I can see):
Cross-site Scripting in PHP's Transparent Session ID Support
http://shh.thathost.com/secadv/2003-05-11-php.txt
Sverre.
--
[EMAIL PROTECTED]
http://shh.thathost.com/
(First, thanks a _lot_ for Squid, Henrik!)
[Henrik Nordstrom]
| Further, if you pass around the ticket in URLs then this class of
| attacks will also have full access to the ticket from the referer
| URL, so if you only base your security on these two measurements
| (client IP + ticket
[www-mobile-code would probably be a more appropriate list for this]
It seems to me that what you talk about is Client Side Trojans,
which were discussed in the Zope forum in May last year.
http://www.zope.org/Members/jim/ZopeSecurity/ClientSideTrojan
This is a far reaching security problem.
.
==
Tomcat may reveal script source code by URL trickery 2
--
Sverre H. Huseby security advisory #4, 2001-04-03
Systems affected
Tomcat 4.0-b2, which includes fixes
[lovehacker]
| Topic:Tomcat 4.0-b1 for winnt/2000 show ".jsp"
| source Vulnerability. [...]
| exploits:
| http://target:8080/examples/snp/snoop%2ejsp
This is the same problem I reported a few days ago. It has already
been fixed in Tomcat 4.0 beta 2.
Sverre.
--
URL:mailto:[EMAIL
.
==
BEA WebLogic may reveal script source code by URL trickery
--
Sverre H. Huseby advisory 2001-03-28
Systems affected
WebLogic 5.1.0 SP 6, and probably earlier versions. The problem seems
to be gone