Apache Jakarta Tomcat Cross Site Scripting Vulnerabilities
===========================================================

Version
========
Apache Tomcat/5.5.6 running on Windows 2000
(Other platforms may also be affected)

Exploiting
===========
http://192.168.0.23:8080/manager/html/
http://192.168.0.23:8080/manager/html/stop?path=
http://192.168.0.23:8080/manager/html/start?path=
The second one works without authentication, but should not be that easy to
exploit:
Telnet to port 8080 and paste the following:
/jsp-examples/snp/snoop.jsp HTTP/1.0

Vendor
======
http://jakarta.apache.org

Patch
=====
http://www.mail-archive.com/tomcat-dev@jakarta.apache.org/msg66978.html

Discovered
==========
03.Jan.2005
oliver karow
http://www.oliverkarow.de/research/jakarta556_xss.txt
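
For defenders checking whether the requests listed under Exploiting have reached a server, the following added example (not part of the original advisory) scans access log lines for markup characters sent to the three paths named there. It assumes a Common Log Format access log; the sample lines, client addresses and the parameter name `x` are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Paths named in the advisory above.
WATCHED = ("/manager/html/stop", "/manager/html/start",
           "/jsp-examples/snp/snoop.jsp")
# Common Log Format (assumed); the request line is matched greedily so that
# quote characters embedded in it do not cut the match short.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(.*)" (\d{3}) \S+$')
MARKUP = re.compile(r'[<>"\']')

# Constructed sample lines; the markup is a harmless marker, not a payload.
SAMPLE_LOG = [
    '10.0.0.5 - admin [03/Jan/2005:10:00:01 +0100] "GET /manager/html/stop?path=/jsp-examples HTTP/1.1" 200 5120',
    '10.0.0.9 - admin [03/Jan/2005:10:02:13 +0100] "GET /manager/html/stop?path=%3Cb%3Etest%3C/b%3E HTTP/1.1" 200 5188',
    '10.0.0.9 - - [03/Jan/2005:10:03:40 +0100] "GET /jsp-examples/snp/snoop.jsp?x=%253Ci%253E HTTP/1.0" 200 1422',
    '10.0.0.7 - - [03/Jan/2005:10:04:02 +0100] "GET /index.jsp?q=%3Cb%3E HTTP/1.1" 200 900',
]

def decode(text, rounds=3):
    """URL-decode repeatedly so double-encoded markup is also seen."""
    for _ in range(rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text

def check_line(line):
    """Return (client, path) when a watched path received markup, else None."""
    match = CLF.match(line)
    if not match:
        return None  # not a Common Log Format line
    client, request, _status = match.groups()
    decoded = decode(request)
    path = next((p for p in WATCHED if p in decoded), None)
    if path is None or not MARKUP.search(decoded):
        return None
    return (client, path)

def scan(lines):
    """Return all flagged (client, path) pairs in log order."""
    return [hit for hit in map(check_line, lines) if hit]

if __name__ == "__main__":
    for client, path in scan(SAMPLE_LOG):
        print(f"{client} sent markup characters to {path}")
```

A hit only shows that markup reached one of these paths; whether the response reflected it depends on whether the patch above has been applied.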