Lucene search

RedhatCVE-2011-0013

HistoryFeb 19, 2011 - 1:00 a.m.

CVE-2011-0013

2011-02-1901:00:01

CWE-79

redhat

web.nvd.nist.gov

cve-2011-0013

cross-site scripting

xss

apache tomcat

html manager interface

remote attackers

web script

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

Low

EPSS

0.001

Percentile

50.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Affected configurations

Nvd

Node

apachetomcatMatch7.0.0

apachetomcatMatch7.0.1

apachetomcatMatch7.0.2

apachetomcatMatch7.0.3

apachetomcatMatch7.0.4

apachetomcatMatch7.0.5

Node

apachetomcatMatch6.0

apachetomcatMatch6.0.0

apachetomcatMatch6.0.1

apachetomcatMatch6.0.2

apachetomcatMatch6.0.3

apachetomcatMatch6.0.4

apachetomcatMatch6.0.5

apachetomcatMatch6.0.6

apachetomcatMatch6.0.7

apachetomcatMatch6.0.8

apachetomcatMatch6.0.9

apachetomcatMatch6.0.10

apachetomcatMatch6.0.11

apachetomcatMatch6.0.12

apachetomcatMatch6.0.13

apachetomcatMatch6.0.14

apachetomcatMatch6.0.15

apachetomcatMatch6.0.16

apachetomcatMatch6.0.17

apachetomcatMatch6.0.18

apachetomcatMatch6.0.19

apachetomcatMatch6.0.20

apachetomcatMatch6.0.24

apachetomcatMatch6.0.26

apachetomcatMatch6.0.27

apachetomcatMatch6.0.28

apachetomcatMatch6.0.29

Node

apachetomcatMatch5.5.0

apachetomcatMatch5.5.1

apachetomcatMatch5.5.2

apachetomcatMatch5.5.3

apachetomcatMatch5.5.4

apachetomcatMatch5.5.5

apachetomcatMatch5.5.6

apachetomcatMatch5.5.7

apachetomcatMatch5.5.8

apachetomcatMatch5.5.9

apachetomcatMatch5.5.10

apachetomcatMatch5.5.11

apachetomcatMatch5.5.12

apachetomcatMatch5.5.13

apachetomcatMatch5.5.14

apachetomcatMatch5.5.15

apachetomcatMatch5.5.16

apachetomcatMatch5.5.17

apachetomcatMatch5.5.18

apachetomcatMatch5.5.19

apachetomcatMatch5.5.20

apachetomcatMatch5.5.21

apachetomcatMatch5.5.22

apachetomcatMatch5.5.23

apachetomcatMatch5.5.24

apachetomcatMatch5.5.25

apachetomcatMatch5.5.26

apachetomcatMatch5.5.27

apachetomcatMatch5.5.28

apachetomcatMatch5.5.29

apachetomcatMatch5.5.30

apachetomcatMatch5.5.31

VendorProductVersionCPE
apachetomcat7.0.0cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
apachetomcat7.0.1cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
apachetomcat7.0.2cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
apachetomcat7.0.3cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
apachetomcat7.0.4cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
apachetomcat7.0.5cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
apachetomcat6.0cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*
apachetomcat6.0.0cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
apachetomcat6.0.1cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
apachetomcat6.0.2cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	tomcat	7.0.0	cpe:2.3:a:apache:tomcat:7.0.0:::::::*
apache	tomcat	7.0.1	cpe:2.3:a:apache:tomcat:7.0.1:::::::*
apache	tomcat	7.0.2	cpe:2.3:a:apache:tomcat:7.0.2:::::::*
apache	tomcat	7.0.3	cpe:2.3:a:apache:tomcat:7.0.3:::::::*
apache	tomcat	7.0.4	cpe:2.3:a:apache:tomcat:7.0.4:::::::*
apache	tomcat	7.0.5	cpe:2.3:a:apache:tomcat:7.0.5:::::::*
apache	tomcat	6.0	cpe:2.3:a:apache:tomcat:6.0:::::::*
apache	tomcat	6.0.0	cpe:2.3:a:apache:tomcat:6.0.0:::::::*
apache	tomcat	6.0.1	cpe:2.3:a:apache:tomcat:6.0.1:::::::*
apache	tomcat	6.0.2	cpe:2.3:a:apache:tomcat:6.0.2:::::::*

Rows per page:

1-10 of 651

References

lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

marc.info/?l=bugtraq&m=130168502603566&w=2

marc.info/?l=bugtraq&m=132215163318824&w=2

marc.info/?l=bugtraq&m=136485229118404&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

secunia.com/advisories/43192

secunia.com/advisories/45022

secunia.com/advisories/57126

securityreason.com/securityalert/8093

support.apple.com/kb/HT5002

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html

tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32

tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30

tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29

www.debian.org/security/2011/dsa-2160

www.mandriva.com/security/advisories?name=MDVSA-2011:030

www.redhat.com/support/errata/RHSA-2011-0791.html

www.redhat.com/support/errata/RHSA-2011-0896.html

www.redhat.com/support/errata/RHSA-2011-0897.html

www.redhat.com/support/errata/RHSA-2011-1845.html

www.securityfocus.com/archive/1/516209/30/90/threaded

www.securityfocus.com/bid/46174

www.securitytracker.com/id?1025026

www.vupen.com/english/advisories/2011/0376

bugzilla.redhat.com/show_bug.cgi?id=675786

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

Low

EPSS

0.001

Percentile

50.9%

JSON

Related for CVE-2011-0013