Running the Nikto security tool on Tomcat 4.1 produces a warning that it is vulnerable to cross-site scripting attacks. This is the URL it gives:
https://<server IP>:443/666%0a%0a<script>alert('Vulnerable');</script>666.jsp
I edited the server IP above. I found a reference to this at
http://archives.neohapsis.com/archives/vuln-dev/2002-q3/0482.html
but no solution was provided. Does anybody know anything more about this, especially how to fix it?
I am using Tomcat 4.1.24.
Rui.