1 Reply Latest reply on Nov 16, 2005 10:23 AM by adrian.brock

    newbie: Tomcat 5.x Vulnerability in JBOSS?

    cheeguanyap

      Would like to check if anyone know if the vulnerability is valid for the Tomcat version packaged in current JBOSS?

      This vulnerability was picked up by our security scanner while scanning on JBOSS 3.2.5 and JBOSS 4.0.0.

      Apache Tomcat Cross-Site Scripting Vulnerability
      ================================
      The Apache Group Tomcat java servlet container does not filter scripting language content when processing JSP file requests. A malicious webmaster may leverage this behavior to forge the source web site from which scripting language content is returned to an end-user's web browser in response to an HTTP request.

      Is this still a problem in the latest version of JBOSS?
      Or do we have to upgrade Tomcat seperately.

      Appreciate any help provided..:)