Lucene search

[email protected]NVD:CVE-2010-4172

HistoryNov 26, 2010 - 8:00 p.m.

CVE-2010-4172

2010-11-2620:00:04

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

4.5

Confidence

High

EPSS

0.013

Percentile

85.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

Affected configurations

Nvd

Node

apachetomcatMatch6.0.12

apachetomcatMatch6.0.13

apachetomcatMatch6.0.14

apachetomcatMatch6.0.15

apachetomcatMatch6.0.16

apachetomcatMatch6.0.17

apachetomcatMatch6.0.18

apachetomcatMatch6.0.19

apachetomcatMatch6.0.20

apachetomcatMatch6.0.24

apachetomcatMatch6.0.26

apachetomcatMatch6.0.27

apachetomcatMatch6.0.28

apachetomcatMatch6.0.29

apachetomcatMatch7.0.0

apachetomcatMatch7.0.0beta

apachetomcatMatch7.0.1

apachetomcatMatch7.0.2

apachetomcatMatch7.0.3

apachetomcatMatch7.0.4

VendorProductVersionCPE
apachetomcat6.0.12cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
apachetomcat6.0.13cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
apachetomcat6.0.14cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
apachetomcat6.0.15cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
apachetomcat6.0.16cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
apachetomcat6.0.17cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
apachetomcat6.0.18cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
apachetomcat6.0.19cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
apachetomcat6.0.20cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
apachetomcat6.0.24cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	tomcat	6.0.12	cpe:2.3:a:apache:tomcat:6.0.12:::::::*
apache	tomcat	6.0.13	cpe:2.3:a:apache:tomcat:6.0.13:::::::*
apache	tomcat	6.0.14	cpe:2.3:a:apache:tomcat:6.0.14:::::::*
apache	tomcat	6.0.15	cpe:2.3:a:apache:tomcat:6.0.15:::::::*
apache	tomcat	6.0.16	cpe:2.3:a:apache:tomcat:6.0.16:::::::*
apache	tomcat	6.0.17	cpe:2.3:a:apache:tomcat:6.0.17:::::::*
apache	tomcat	6.0.18	cpe:2.3:a:apache:tomcat:6.0.18:::::::*
apache	tomcat	6.0.19	cpe:2.3:a:apache:tomcat:6.0.19:::::::*
apache	tomcat	6.0.20	cpe:2.3:a:apache:tomcat:6.0.20:::::::*
apache	tomcat	6.0.24	cpe:2.3:a:apache:tomcat:6.0.24:::::::*