Nessus Plugin #10957
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
JServ Cross Site Scripting
- Family:
- CGI abuses : XSS
- Category:
- attack
- Copyright:
- This script is Copyright (C) 2002 Matt Moore
- Summary:
- Tests for JServ Cross Site Scripting
- Version:
- $Revision: 1.11 $
- Cve_id:
- -
- Bugtraq_id:
- -
- Xrefs:
- -
- Description:
- Older versions of JServ (including the version
shipped with Oracle9i App Server v1.0.2) are vulnerable to a
cross site scripting attack using a request for a non-existent
.JSP file.
Solution: Upgrade to the latest version of JServ available at
java.apache.org. Also consider switching from JServ to TomCat,
since JServ is no longer maintained.
Risk factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.