318 matches found
tomcat XSS in example webapps
Cross-site scripting XSS vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values...
CVE-2008-1285
Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2008-1285
Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2002-2347
Cross-site scripting XSS vulnerability in Oracle Java Server Page OJSP demo files 1 hellouser.jsp, 2 welcomeuser.jsp and 3 usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field...
tomcat5 security update
CentOS Errata and Security Advisory CESA-2007:0871 Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java...
Moderate: Red Hat Security Advisory: tomcat security update
Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and Java Server Pages technologies. Tomcat...
tomcat examples jsp XSS
Multiple cross-site scripting XSS vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...
Apache MyFaces Tomahawk JSF架构Autoscroll参数跨站脚本漏洞
Java Server Faces, JSF是一款用于建立服务端GUI WEB应用程序的架构。 Java Server Faces, JSF不正确过滤用户提交的HTTP请求,远程攻击者可以利用漏洞进行跨站脚本攻击,获得敏感信息。 当从POST或者GET请求解析'autoscroll'参数时,由于不充分过滤,可导致提交恶意脚本代码作为参数,当其他用户解析时可泄露敏感信息。 Apache MyFaces Tomahawk 1.1.5 升级程序: Apache MyFaces Tomahawk 1.1.5 Apache tomahawk-1.1.6-bin.tar.gz...
iDefense Security Advisory 06.14.07: Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting (XSS) Vulnerability
Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting XSS Vulnerability iDefense Security Advisory 06.14.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2007 I. BACKGROUND Java Server Faces, JSF, is a framework used to create server side GUI Web applications. It is comparab...
CVE-2007-2904
Cross-site scripting XSS vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653...
tomcat manager example DoS
Multiple cross-site scripting XSS vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 el/functions.jsp, 2 el/implicit-objects.jsp, and 3 jspx/textRotate.jspx in examples/jsp2/, as demonstrated via...
CVE-2005-4805
Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages JSP via unknown vectors...
CVE-2005-4805
Technical details about CVE-2005-4805 are not publicly available in the provided documents; no specifics on affected product versions, vectors, or fixes are provided. Monitor for updates.
CVE-2002-2007
The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages JSP in the 1 test/jsp, 2 samples/jsp and 3 examples/jsp directories, or the 4...
CVE-2005-1112
IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages .jsp via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the...
CVE-2005-0425
Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages .jsp via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine...
CVE-2005-1112
IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages .jsp via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the...
CVE-2005-0425
Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages .jsp via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine...
[SA14274] IBM WebSphere Application Server JSP Source Code Disclosure
TITLE: IBM WebSphere Application Server JSP Source Code Disclosure SECUNIA ADVISORY ID: SA14274 VERIFY ADVISORY: http://secunia.com/advisories/14274/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: IBM WebSphere Application Server 6.x...