Lucene search

K

GoogleOSV:GHSA-C78G-QWPW-2JGV

HistoryMay 14, 2022 - 2:42 a.m.

Improper Neutralization of Input During Web Page Generation in Apache Tomcat

2022-05-1402:42:46

Google

osv.dev

17

apache tomcat

cross-site scripting

vulnerabilities

web script

html

remote attackers

web applications

EPSS

0.013

Percentile

85.8%

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

References

bugzilla.redhat.com/show_bug.cgi?id=656246

github.com/apache/tomcat

github.com/apache/tomcat/commit/5971f9392edc6d70808b2599b062b050fcd11d23

lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

marc.info/?l=bugtraq&m=139344343412337&w=2

nvd.nist.gov/vuln/detail/CVE-2010-4172

tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.5

www.redhat.com/support/errata/RHSA-2011-0896.html

www.redhat.com/support/errata/RHSA-2011-0897.html

www.securityfocus.com/archive/1/514866/100/0/threaded

www.ubuntu.com/usn/USN-1048-1

www.vupen.com/english/advisories/2010/3047

www.vupen.com/english/advisories/2011/0203

EPSS

0.013

Percentile

85.8%

Related for OSV:GHSA-C78G-QWPW-2JGV

openvas11 nessus14 securityvulns4 prion1 exploitdb1 nvd1 ubuntucve1 github1 tomcat2 cve1 ubuntu1 cvelist1 redhat2 oraclelinux1 gentoo1 ibm1