Lucene search

GitHub Advisory DatabaseGHSA-3P86-XGRQ-M6P6

HistoryMay 03, 2022 - 3:25 a.m.

Improper Neutralization of Input During Web Page Generation in Apache Tomcat

2022-05-0303:25:09

CWE-79

GitHub Advisory Database

github.com

apache tomcat

input neutralization

html manager interface

cross-site scripting

vulnerabilities

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.001

Percentile

50.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Affected configurations

Vulners

Node

org.apache.tomcattomcatRange7.0.0–7.0.6

org.apache.tomcattomcatRange6.0.0–6.0.30

org.apache.tomcattomcatRange5.5.0–5.5.32

VendorProductVersionCPE
org.apache.tomcattomcat*cpe:2.3:a:org.apache.tomcat:tomcat:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.apache.tomcat	tomcat	*	cpe:2.3:a:org.apache.tomcat:tomcat::::::::

References

lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

marc.info/?l=bugtraq&m=130168502603566&w=2

marc.info/?l=bugtraq&m=132215163318824&w=2

marc.info/?l=bugtraq&m=136485229118404&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

securityreason.com/securityalert/8093

support.apple.com/kb/HT5002

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html

tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32

tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30

tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29

www.debian.org/security/2011/dsa-2160

www.mandriva.com/security/advisories?name=MDVSA-2011:030

access.redhat.com/errata/RHSA-2011:0791

access.redhat.com/errata/RHSA-2011:0896

access.redhat.com/errata/RHSA-2011:0897

access.redhat.com/errata/RHSA-2011:1845

access.redhat.com/security/cve/CVE-2011-0013

bugzilla.redhat.com/show_bug.cgi?id=675786

github.com/advisories/GHSA-3p86-xgrq-m6p6

github.com/apache/tomcat/commit/58223c5ecc0751c3642c810f291b8f033d33b97f

github.com/apache/tomcat55/commit/863d77c7d321245de019ac32252828e0a025c5b4

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

nvd.nist.gov/vuln/detail/CVE-2011-0013

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269

web.archive.org/web/20111227000129/secunia.com/advisories/45022

web.archive.org/web/20111229163935/secunia.com/advisories/43192

web.archive.org/web/20120126065143/www.securityfocus.com/archive/1/516209/30/90/threaded

web.archive.org/web/20120126070320/www.securitytracker.com/id?1025026

web.archive.org/web/20120213130147/www.securityfocus.com/bid/46174

web.archive.org/web/20151017023138/secunia.com/advisories/57126

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.001

Percentile

50.9%

JSON

Related for GHSA-3P86-XGRQ-M6P6