Penetration Testing mailing list archives

XSS vulnerability on Apache Tomcat server
From: Erwin van der Zwan <erwin.zwan-van-der () siemens nl>
Date: 13 Aug 2002 06:59:40 -0000

I am currently pen-testing an Apache Tomcat v4.0.3 web server running on a 
Windows 2000 box. The server just provides access to an LDAP database 
through a search query. The box is connected directly to the Internet and 
seems to be protected by McAfee/PGP personal firewall/IDS which blocks the 
IP address for 30 minutes or so. TCP ports 21, 80, 389, 1002 and 1720
seem to be open, the rest is filtered/blocked. The server is running
tomcat_server/servlet/JNDISearch Java LDAP search code.

It seems to be vulnerable to XSS and path disclosure vulnerabilities. I
got the path (D:\Tomcat\webapps) but any ideas on how to exploit the XSS 
vulnerability or advance with the test?


