https://issues.apache.org/bugzilla/show_bug.cgi?id=48577

           Summary: vulnerability in DefaultServlet
           Product: Tomcat 6
           Version: 6.0.20
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: Catalina
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: navi...@gmail.com


When you try to import a non-existent page with JS fragments in the URL parameters,
like

http://.../page.jsp?paramName=";<script>alert('BT_XSS')</script>">&param2=2...
the following content is inserted into the response:
"The requested resource ({URL ABOVE}) is not available."
The content is not encoded, so the JS code from the URL is executed.

I think DefaultServlet should do something like

response.getWriter().write(sm.getString("defaultServlet.missingResource",
  urlEncoder.encode(requestUri)));
but HTML or XML encoding might be better.

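An added example, not Tomcat's code and not part of the report above, showing the reflected message in its vulnerable form beside an HTML-escaped form, and why URL-encoding (the reporter's first suggestion) is the wrong encoder for an HTML context. The class, the helper names and the sample URI are constructed for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

/** Hypothetical helper class; names are not from Tomcat's DefaultServlet. */
public class MissingResourceMessage {

    // Vulnerable form from the report: the request URI is concatenated into
    // the HTML body verbatim, so markup in the query string becomes live script.
    static String unsafeMessage(String requestUri) {
        return "The requested resource (" + requestUri + ") is not available.";
    }

    // Escape the characters that can open or close tags and attributes.
    // Done by hand here so the example has no dependencies.
    static String htmlEscape(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Hardened form: encode for the context the value lands in (HTML body),
    // so the URI is still readable but cannot be parsed as markup.
    static String safeMessage(String requestUri) {
        return "The requested resource (" + htmlEscape(requestUri) + ") is not available.";
    }

    // URL-encoding also neutralises '<' and '>', but it is the encoder for a
    // URL component, not for HTML: '/' and '?' are mangled to %2F and %3F, so
    // the displayed path no longer matches what the client requested.
    static String urlEncodedMessage(String requestUri) throws UnsupportedEncodingException {
        return "The requested resource (" + URLEncoder.encode(requestUri, "UTF-8") + ") is not available.";
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        // Constructed sample mirroring the shape of the URL in the report.
        String uri = "/page.jsp?paramName=\";<script>alert('BT_XSS')</script>\">&param2=2";
        System.out.println(unsafeMessage(uri));      // script tag reaches the browser intact
        System.out.println(safeMessage(uri));        // &lt;script&gt; rendered as text
        System.out.println(urlEncodedMessage(uri));  // safe, but the path reads as %2Fpage.jsp%3F...
    }
}
```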