Lucene search

K

GitHub Advisory DatabaseGHSA-HC39-RJWP-QFFQ

HistoryMay 01, 2022 - 6:03 p.m.

Apache Tomcat XSS Vulnerabilities in Examples Web Application

2022-05-0118:03:36

GitHub Advisory Database

github.com

17

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.968 High

EPSS

Percentile

99.7%

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ; character, as demonstrated by a URI containing a snp/snoop.jsp; sequence.

Affected configurations

Vulners

Node

org.apache.tomcat\Matchtomcat

OR

org.apache.tomcat\Matchtomcat

OR

org.apache.tomcat\Matchtomcat

OR

org.apache.tomcat\Matchtomcat

CPENameOperatorVersion
org.apache.tomcat:tomcatle6.0.13
org.apache.tomcat:tomcatle5.5.24
org.apache.tomcat:tomcatle5.0.30
org.apache.tomcat:tomcatle4.0.6

References

lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

rhn.redhat.com/errata/RHSA-2008-0630.html

support.apple.com/kb/HT2163

support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

tomcat.apache.org/security-4.html

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

www.redhat.com/support/errata/RHSA-2007-0569.html

www.redhat.com/support/errata/RHSA-2008-0261.html

exchange.xforce.ibmcloud.com/vulnerabilities/34869

github.com/advisories/GHSA-hc39-rjwp-qffq

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

nvd.nist.gov/vuln/detail/CVE-2007-2449

www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.968 High

EPSS

Percentile

99.7%

Related for GHSA-HC39-RJWP-QFFQ

osv1 nvd1 prion1 packetstorm1 nessus24 jvn1 cve1 cvelist1 ubuntucve1 veracode1 securityvulns3 openvas28 redhat5 oraclelinux1 centos1 tomcat3 fedora5 altlinux1 ibm1