“CERT Advisory CA-2000-02 (Malicious Scripting Tags Embedded
in Client Web Requests) discusses how malicious scripts can be
introduced into dynamically generated web pages based on
unvalidated input from untrustworthy sources (typically web
browsers). Most of the advisory addresses issues concerning
browsers and web site developers. The portion of the advisory that
concerns web servers has to do with dynamically generated pages
that the web server may install by default.”
“Java Web Server ships with some example servlets and CGI
scripts that dynamically generate content and could potentially be
exploited because they echo portions of the URL that invoked them
back to the browser. The core functionality of Java Web Server is
secure — it is only the examples that need to be addressed.”
“While only a couple of the examples could be exploited we have
always recommended that all examples and unnecessary servlets be
disabled before deploying Java Web Server into a production
environment.”
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.