GoogleOSV:GHSA-5C5P-JXVX-X7J2Apache Tomcat vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
References
community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
jvn.jp/jp/JVN%2307100457/index.html
lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
support.apple.com/kb/HT2163
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
tomcat.apache.org/security-4.html
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
www.debian.org/security/2008/dsa-1468
www.mandriva.com/security/advisories?name=MDKSA-2007:241
www.redhat.com/support/errata/RHSA-2007-0569.html
www.redhat.com/support/errata/RHSA-2008-0261.html
exchange.xforce.ibmcloud.com/vulnerabilities/34868
github.com/apache/tomcat
github.com/apache/tomcat/commit/1bc3bcb2848f478fd6674487d6dad507fd5dd686
lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2007-2450
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287
web.archive.org/web/20071203205513/secunia.com/advisories/25678
web.archive.org/web/20080212014926/secunia.com/advisories/26076
web.archive.org/web/20080320042501/secunia.com/advisories/27727
web.archive.org/web/20080324012730/secunia.com/advisories/28549
web.archive.org/web/20080413164556/securitytracker.com/alerts/2007/Jun/1018245.html
web.archive.org/web/20080724125033/secunia.com/advisories/27037
web.archive.org/web/20080801204240/secunia.com/advisories/30899
web.archive.org/web/20080801210056/secunia.com/advisories/30802
web.archive.org/web/20090623202429/secunia.com/advisories/33668
web.archive.org/web/20120809122231/secunia.com/advisories/30908
web.archive.org/web/20200229180652/www.securityfocus.com/bid/24475
web.archive.org/web/20200517122628/www.securityfocus.com/archive/1/500396/100/0/threaded
web.archive.org/web/20200517153851/www.securityfocus.com/archive/1/500412/100/0/threaded
web.archive.org/web/20200809062244/www.securityfocus.com/archive/1/471357/100/0/threaded
web.archive.org/web/20201207215920/https://cxsecurity.com/issue/WLB-2007060074
www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
Related
