Apache Tomcat Example Web Application Cross Site Scripting Vulnerability

A vulnerability has been reported for Apache Tomcat. Reportedly, it is possible for an attacker to launch a cross site scripting attack.

The cross site scripting vulnerabilities exist in some sample web applications distributed with Apache Tomcat 3.3.1a and earlier.

This may enable a remote attacker to steal cookie-based authentication credentials from legitimate users of a host running Tomcat. Other attacks are also possible.


Privacy Statement
Copyright 2010, SecurityFocus