I've found a very good explanation of XSS: http://www.spidynamics.com/whitepapers/SPIcross-sitescripting.pdf
Jeff Tulley ([EMAIL PROTECTED])
(801)861-5322
Novell, Inc., The Leading Provider of Net Business Solutions
http://www.novell.com

>>> [EMAIL PROTECTED] 9/29/03 2:26:54 PM >>>
Actually this could be an issue on a poorly configured site where the admin does not override the default error pages. It would make it very easy to steal someone's cookies or session. So while it might be an issue (I personally haven't checked), it's not an issue if the admin configures custom error pages to show instead of displaying the default.

-Tim

Remy Maucherat wrote:
> David Rees wrote:
>
>> Anyone know how serious this is?
>
> Lol.
> If you're affected by XSS, then you have a problem (no site in the world
> deserves any privilege: *all* need javascript blocking these days).
>
>> It also appears to affect Tomcat 4.1.27 when using mod_jk as well. Below
>> is a sample trace of an HTTP session.
>
> Remy

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]