Apache Tomcat Cross-Site Scripting Vulnerability

Apache Tomcat does not filter script embedding from links that are displayed on a server's website. A malicious webmaster can exploit this vulnerability to cause JavaScript commands or embedded scripts to be executed by any user who clicks on the hyper-link. Upon clicking on the hyper-link, Tomcat will generate an error message including the specified or embedded script. The specified or embedded scripting will be executed in the client's browser and treated as content originating from the target server returning the error message (even though the scripting may have originated at another site entirely).


 

Privacy Statement
Copyright 2010, SecurityFocus