|
Penetration Testing
mailing list archives
XSS vulnerability on Apache Tomcat server
From: Erwin van der Zwan <erwin.zwan-van-der () siemens nl>
Date: 13 Aug 2002 06:59:40 -0000
I am currently pen-testing an Apache Tomcat v4.0.3 web server running on a
Windows 2000 box. The server just provides access to an LDAP database
through a search query. The box is connected directly to the Internet and
seems to be protected by McAfee/PGP personal firewall/IDS which blocks the
IP address for 30 minutes or so. TCP ports 21, 80, 389, 1002 and 1720
seems to be open, the rest is filtered/blocked. The server is running
tomcat_server/servlet/JNDISearch Java LDAP search code.
It seems to be vulnerable for XSS and path disclosure vulnerabilities. I
got the path (D:\Tomcat\webapps) but any ideas on how to exploit the XSS
vulnerability or advance with the test?
Ideas?
EvdZ
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
 By Date 
By Thread
Current thread:
- XSS vulnerability on Apache Tomcat server Erwin van der Zwan (Aug 13)
|
Intro
