| Summary: | vulnerability in DefaultServlet | | |
|---|---|---|---|
| Product: | Tomcat 6 | Reporter: | naviton |
| Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | | |
| Priority: | P2 | | |
| Version: | 6.0.20 | | |
| Target Milestone: | default | | |
| Hardware: | All | | |
| OS: | All | | |

Description
naviton
2010-01-20 03:14:11 UTC
I wouldn't class this as a vulnerability as it requires both a bug (missing page) in the app and the app to pass on request parameters to the included page without validating them. Regardless, I have added HTML filtering so the output isn't corrupted. This has been fixed in 6.0.x and will be included in 6.0.25 onwards.