Hi,
I'm not sure if this is the correct list to post to so.. apologies ahead of 
time.

When testing for this vulnerability Bugtraq id 5193, via a request such as
http://target/servlet/org.apache.catalina.ContainerServlet/<SCRIPT>alert("css-test")</SCRIPT>

A " javax.servlet.ServletException: ..." is generated; is this part of the 
vulnerability, or is this normal?
Would it be feasible to treat any host returning this exception along with the 
alert() message as vulnerable to this cross site scripting bug?

thanks, 
please CC me, I'm not subscribed to this list.

-orlando
http://www.g0thead.com/xbud.asc
