Skinnay

CVE-2002-1567 EXPLOITDB text WRITEUP

Apache Tomcat 4.1.0-4.1.28 - Cross-Site Scripting via Encoded Newlines in JSP Filename

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.

View Code

CVE-2002-1533 EXPLOITDB text WORKING POC

Jetty < 4.1.1 - Cross-Site Scripting via JSP Filename with Encoded Linefeed

Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a).

View Code