Apache Tomcat 4.1 XSS

The version of Apache Tomcat running on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize request strings of malicious JavaScript. A remote, unauthenticated attacker can exploit this to execute arbitrary code by using a URL containing...

CVE-2002-1567

Cross-site scripting XSS vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script...

CVE-2002-1567

Cross-site scripting XSS vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script...

Fixed in Apache Tomcat 4.1.29

Moderate: Cross-site scripting CVE-2002-1567 The unmodified requested URL is included in the 404 response header. The new lines in this URL appear to the client to be the end of the header section. The remaining part of the URL, including the script elements, is treated as part of the response bo...