Severity: Unknown · Ecosystem: Maven
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
GHSA-c78g-qwpw-2jgv · CVE-2010-4172
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
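The vulnerability class above is reflected XSS: a request parameter such as sort or orderBy is written back into the generated page without output encoding. The following is an added illustration, not code from Apache Tomcat or from its fix commit; the class name, the allow-list of sort values and the constructed input are all hypothetical. It shows the vulnerable pattern beside the hardened one: encode for the HTML context on output (and URL-encode the value placed in a query string), and prefer an allow-list for parameters that can only take a few known values.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Set;

/**
 * Added example (hypothetical, not Tomcat's code): how an unencoded
 * sort parameter becomes reflected XSS, and how to neutralize it (CWE-79).
 */
public class SortParamEscapeDemo {

    /** Minimal HTML entity encoder for text placed into element content
     *  or a double-quoted attribute value. */
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Vulnerable pattern: the parameter is concatenated straight into markup,
     *  so a value containing a quote or angle bracket breaks out of the
     *  attribute and injects its own HTML. */
    static String renderUnsafe(String sortBy) {
        return "<a href=\"sessionsList.jsp?sort=" + sortBy + "\">" + sortBy + "</a>";
    }

    /** Hypothetical allow-list of column names the page actually supports. */
    private static final Set<String> ALLOWED_SORT =
            Set.of("id", "lastAccessed", "creationTime");

    /** Hardened pattern: restrict to known values, URL-encode the value that
     *  goes into the query string, and HTML-encode everything on output. */
    static String renderSafe(String sortBy) {
        String value = ALLOWED_SORT.contains(sortBy) ? sortBy : "id";
        String query = URLEncoder.encode(value, StandardCharsets.UTF_8);
        return "<a href=\"sessionsList.jsp?sort=" + escapeHtml(query) + "\">"
                + escapeHtml(value) + "</a>";
    }

    public static void main(String[] args) {
        // Constructed input: closes the href attribute and injects markup.
        String hostile = "\"><b>injected</b>";
        System.out.println("unsafe: " + renderUnsafe(hostile));
        System.out.println("safe:   " + renderSafe(hostile));
        System.out.println("safe:   " + renderSafe("lastAccessed"));
    }
}
```

The unsafe rendering emits the injected tag as live markup, while the hardened version falls back to a known column and, even if the allow-list were removed, would render the hostile value as inert text. Encoding has to match the output context: the same value needs URL-encoding inside a query string, HTML-encoding inside markup, and JavaScript-string encoding if it were ever written into a script block.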
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2010-4172
- WEB https://github.com/apache/tomcat/commit/5971f9392edc6d70808b2599b062b050fcd11d23
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=656246
- PACKAGE https://github.com/apache/tomcat
- WEB https://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
- WEB https://marc.info/?l=bugtraq&m=139344343412337&w=2
- WEB https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.5
- WEB https://www.redhat.com/support/errata/RHSA-2011-0896.html
- WEB https://www.redhat.com/support/errata/RHSA-2011-0897.html
- WEB https://www.securityfocus.com/archive/1/514866/100/0/threaded
- WEB https://www.ubuntu.com/usn/USN-1048-1
- WEB https://www.vupen.com/english/advisories/2010/3047
- WEB https://www.vupen.com/english/advisories/2011/0203