‘Bajie HTTP Server Cross-Site Scripting Vulnerability’


Bajie server is ‘a fast jspservlet engine and a stand alone http web server. It is the smallest of this kind. Support a wide range of features. It can also act as a servlet/JSP engine plugin for apache or IIS via AJP’. A cross-site scripting vulnerability in the product allows remote attackers to insert malicious HTML and JavaScript into the error message shown by the product.


‘The information has been provided by Luca Ercoli.’


Vulnerable systems:
 * Bajie HTTP Web Server version 0.95zxe
 * Bajie HTTP Web Server version 0.95zxc

http://bajieserver/< script>alert(‘Bajie is not secure’)</script>
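
The flaw described above is a server copying the requested path into its error page without output encoding. The following is an added example, not Bajie's code: the class name, method names and the error-page layout are assumptions made for illustration, and the sample paths are constructed with harmless markup. It shows the vulnerable pattern next to the encoded form.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

// Hypothetical error-page builder; names and page layout are illustrative only.
public class ErrorPageEncoding {

    // Escape the five characters that can change the HTML parsing context.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Vulnerable pattern: the requested path is written into the page as markup.
    static String errorPageUnsafe(String path) {
        return "<html><body><h1>404 Not Found</h1><p>" + path + "</p></body></html>";
    }

    // Hardened pattern: the path is encoded at the point of output.
    static String errorPageSafe(String path) {
        return "<html><body><h1>404 Not Found</h1><p>" + escapeHtml(path) + "</p></body></html>";
    }

    public static void main(String[] args) {
        // Constructed sample paths: one raw, one percent-encoded as a browser would send it.
        String[] rawPaths = { "/<b>missing</b>", "/%3Cb%3Emissing%3C%2Fb%3E" };
        for (String raw : rawPaths) {
            // Decode first, as a server does when resolving the path, then build the page.
            String path = URLDecoder.decode(raw, StandardCharsets.UTF_8);
            System.out.println("unsafe: " + errorPageUnsafe(path));
            System.out.println("safe:   " + errorPageSafe(path));
        }
    }
}
```

Both sample paths produce the same decoded string, so the encoding has to happen when the page is written, after any URL decoding, rather than by filtering the raw request line.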

