Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
jvn.jp/jp/JVN%2307100457/index.html
lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
secunia.com/advisories/25678
secunia.com/advisories/26076
secunia.com/advisories/27037
secunia.com/advisories/27727
secunia.com/advisories/28549
secunia.com/advisories/30802
secunia.com/advisories/30899
secunia.com/advisories/30908
secunia.com/advisories/33668
securityreason.com/securityalert/2813
sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
support.apple.com/kb/HT2163
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
tomcat.apache.org/security-4.html
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
www.debian.org/security/2008/dsa-1468
www.mandriva.com/security/advisories?name=MDKSA-2007:241
www.osvdb.org/36079
www.redhat.com/support/errata/RHSA-2007-0569.html
www.redhat.com/support/errata/RHSA-2008-0261.html
www.securityfocus.com/archive/1/471357/100/0/threaded
www.securityfocus.com/archive/1/500396/100/0/threaded
www.securityfocus.com/archive/1/500412/100/0/threaded
www.securityfocus.com/bid/24475
www.securitytracker.com/id?1018245
www.vupen.com/english/advisories/2007/2213
www.vupen.com/english/advisories/2007/3386
www.vupen.com/english/advisories/2008/1979/references
www.vupen.com/english/advisories/2008/1981/references
www.vupen.com/english/advisories/2009/0233
exchange.xforce.ibmcloud.com/vulnerabilities/34868
lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287
www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html