UNKNOWN Maven
Cross-site scripting in Apache Tomcat
GHSA-pm78-wxxf-fw98 · CVE-2006-7196
Description
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2006-7196
- WEB https://access.redhat.com/errata/RHSA-2007:0326
- WEB https://access.redhat.com/errata/RHSA-2007:0340
- WEB https://access.redhat.com/errata/RHSA-2008:0261
- WEB https://access.redhat.com/errata/RHSA-2008:0524
- WEB https://access.redhat.com/security/cve/CVE-2006-7196
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=238131
- PACKAGE https://github.com/apache/tomcat
- WEB https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- WEB https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
- WEB https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
- WEB https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
- WEB https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
- WEB https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
- WEB http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
- WEB http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
- WEB http://osvdb.org/34888
- WEB http://secunia.com/advisories/29242
- WEB http://secunia.com/advisories/33668
- WEB http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
- WEB http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
- WEB http://tomcat.apache.org/security-4.html
- WEB http://tomcat.apache.org/security-5.html
- WEB http://www.redhat.com/support/errata/RHSA-2008-0261.html
- WEB http://www.securityfocus.com/archive/1/478491/100/0/threaded
- WEB http://www.securityfocus.com/archive/1/478609/100/0/threaded
- WEB http://www.securityfocus.com/archive/1/500396/100/0/threaded
- WEB http://www.securityfocus.com/archive/1/500412/100/0/threaded
- WEB http://www.securityfocus.com/bid/25531
- WEB http://www.vupen.com/english/advisories/2007/1729
- WEB http://www.vupen.com/english/advisories/2009/0233