Bugtraq: Re: Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability

From: Mark Thomas <markt () apache org>
Date: Tue, 04 Sep 2007 20:30:31 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

tusharvartak () hotmail com wrote:

Apache Tomcat/4.1.31 ships with built in examples. One of the example calendar.jsp suffers from input validation 
error and could be exploited for cross site scriptingand cross site request forgery.


This is CVE-2006-7196 which is fixed in 4.1.32 & 5.5.16.

Kind regards,

Mark

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG3finb7IeiTPGAkMRApxAAJ9sMCfco8GUEe9LcqbcA+5GE0AKCQCgsEG+
nH4eUojS1ccH9YKtma/GtQU=
=3NtA
-----END PGP SIGNATURE-----

By Date By Thread

Current thread:

Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability tusharvartak (Sep 04)
- Re: Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability Mark Thomas (Sep 05)