CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile: 85.8%
Multiple cross-site scripting (XSS) vulnerabilities in the Manager
application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4
allow remote attackers to inject arbitrary web script or HTML via the (1)
orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to
(3) sessionDetail.jsp or (4)
java/org/apache/catalina/manager/JspHelper.java, related to use of
untrusted web applications.
tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
www.vupen.com/english/advisories/2010/3047
launchpad.net/bugs/cve/CVE-2010-4172
nvd.nist.gov/vuln/detail/CVE-2010-4172
security-tracker.debian.org/tracker/CVE-2010-4172
ubuntu.com/security/notices/USN-1048-1
www.cve.org/CVERecord?id=CVE-2010-4172