Our security tool produces the following warning against Tomcat 4.1.29:

[HTTP/8080/TCP] Server is an enabling vector for cross-site scripting exposure in clients [trace-1]. More...

I searched the mailing list and found several references to cross-site
scripting. Based on the information, I am led to believe that the
problem is not with the product, but with the examples or some other
non-critical piece of code. I have removed the
jakarta-tomcat-4.1.29/webapps/examples directory and its content, but
the problem persists. Is there some other file/directory that needs
to be removed to fix this problem? I noticed one reference to a
SnoopServlet, but can't find any file by that name.

Narses Barona



