Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting
| EKU-ID: 27110 | CVE: OSVDB-845 | OSVDB-ID: |
| Author: Matt Moore | Published: 2002-07-10 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 27110 | CVE: OSVDB-845 | OSVDB-ID: |
| Author: Matt Moore | Published: 2002-07-10 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/5194/info A vulnerability has been reported for Apache Tomcat 4.0.3 on a Microsoft Windows platform. Reportedly, it is possible for an attacker to launch a cross site scripting attack. When making a request for a DOS device file name, Tomcat will throw an exception and respond with an error message. It is also possible for information to be appended to the DOS device when making a request. tomcat-server/COM2.IMG%20src= "Javascript:alert(document.domain)"