JRun Cross-Site Scripting Vulnerability

 
Jul 02, 2001
SecurityFocus.com points out that JRun does not filter scripts embedded in links that are displayed on a server's website. A malicious webmaster can exploit this vulnerability to cause JavaScript commands or embedded scripts to be executed by any user who clicks on the hyperlink. When the user clicks the hyperlink, Tomcat will generate an error message that includes the specified or embedded script. That script is then executed in the client's browser and treated as content originating from the target server that returned the error message, even though it may have originated at another site entirely. Macromedia has released a patch for this.
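
The flaw class described above, as an added example (not code from JRun, the SecurityFocus alert, or Macromedia's patch): an error page that reflects the requested path without encoding, next to a hardened version and a regression check. The template text, function names and sample path are constructed for illustration.

```python
import html
from urllib.parse import unquote

# Constructed error template; the wording of the real server's page is not on this page.
ERROR_TEMPLATE = (
    "<html><body><h1>404 Not Found</h1>"
    "<p>The requested resource {resource} was not found.</p></body></html>"
)

def render_error_unsafe(raw_path: str) -> str:
    """Behaviour the advisory describes: the decoded path is copied into the page as-is."""
    return ERROR_TEMPLATE.format(resource=unquote(raw_path))

def render_error_safe(raw_path: str) -> str:
    """Hardened form: decode first, then HTML-encode everything that is reflected."""
    return ERROR_TEMPLATE.format(resource=html.escape(unquote(raw_path), quote=True))

def reflects_markup(raw_path: str, body: str) -> bool:
    """Regression check: True when the path carries HTML metacharacters
    and they reach the response body unencoded."""
    decoded = unquote(raw_path)
    has_meta = any(ch in decoded for ch in "<>\"'&")
    return has_meta and decoded in body

if __name__ == "__main__":
    # Constructed sample request path with percent-encoded markup.
    sample = "/missing%3Cscript%3Ealert(1)%3C/script%3E.jsp"
    for name, render in (("unsafe", render_error_unsafe), ("safe", render_error_safe)):
        body = render(sample)
        print(f"{name}: markup reflected unencoded = {reflects_markup(sample, body)}")
```

Encoding happens after URL decoding, so percent-encoded markup in the link is neutralised as well; the same check can be run against any page that echoes request data.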

Allaire JRun Cross-Site Scripting Vulnerability (Security Focus Alert)

