New Apache Tomcat Exploit.

Publicated on : 1182267491
It has been a while but a few new holes are found in Apache tomcat. And yes, they are cross site scripting holes, like we love. Apache tomcat had some serious flaws in the past, and it amazes me because they more or less build upon previous vulnerabilities, or at least are related to the same issues.

Previous vulnerabilities include:

- Directory traversal: Tomcat permits '', '%2F' and '%5C' as path delimiters.
- XSS web-cache poisoning
- Multiple various XSS vulnerabilities.

And one of the newest to add to the arsenal: