CVSS2 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector String | AV:N/AC:M/Au:N/C:N/I:P/A:N |

Score | Value |
---|---|
AI Score | |
Confidence | High |
EPSS Percentile | 85.8% |
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
Vendor | Product | Version | CPE |
---|---|---|---|
apache | tomcat | 6.0.12 | cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:* |
apache | tomcat | 6.0.13 | cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:* |
apache | tomcat | 6.0.14 | cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:* |
apache | tomcat | 6.0.15 | cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:* |
apache | tomcat | 6.0.16 | cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:* |
apache | tomcat | 6.0.17 | cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:* |
apache | tomcat | 6.0.18 | cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:* |
apache | tomcat | 6.0.19 | cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:* |
apache | tomcat | 6.0.20 | cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:* |
apache | tomcat | 6.0.24 | cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:* |
References
archives.neohapsis.com/archives/fulldisclosure/2010-11/0285.html
lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
marc.info/?l=bugtraq&m=139344343412337&w=2
secunia.com/advisories/42337
secunia.com/advisories/43019
secunia.com/advisories/45022
secunia.com/advisories/57126
securitytracker.com/id?1024764
support.apple.com/kb/HT5002
support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
svn.apache.org/viewvc?view=revision&revision=1037778
svn.apache.org/viewvc?view=revision&revision=1037779
tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
www.redhat.com/support/errata/RHSA-2011-0791.html
www.redhat.com/support/errata/RHSA-2011-0896.html
www.redhat.com/support/errata/RHSA-2011-0897.html
www.securityfocus.com/archive/1/514866/100/0/threaded
www.securityfocus.com/bid/45015
www.ubuntu.com/usn/USN-1048-1
www.vupen.com/english/advisories/2010/3047
www.vupen.com/english/advisories/2011/0203
bugzilla.redhat.com/show_bug.cgi?id=656246
exchange.xforce.ibmcloud.com/vulnerabilities/63422