K9108: Apache Tomcat Cross-site scripting (XSS) vulnerability - CVE-2008-1232

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

Mandriva Update for tomcat5 MDVSA-2008:188 (tomcat5)

Check for the Version of tomcat5 OpenVAS Vulnerability Test Mandriva Update for tomcat5 MDVSA-2008:188 tomcat5 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

Cross site scripting

Cross-site scripting XSS vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method...

Apache Tomcat HttpServletResponse.sendError()跨站脚本漏洞

BUGTRAQ ID: 30496 CVECAN ID: CVE-2008-1232 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat不仅在错误页面中显示了HttpServletResponse.sendError调用的消息参数，同时也在HTTP响应的reason-phrase中使用，这就可能在HTTP头中包含非法字符。特制的消息可能导致跨站脚本攻击，向HTTP响应中注入任意内容。 Apache Group Tomcat 6.0.x Apache Group Tomcat 5.5.x Apache Group Tomcat 4.1.x...