Detections
Analytics
CVE-2011-0013
medium
Description
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878
https://bugzilla.redhat.com/show_bug.cgi?id=675786
http://www.vupen.com/english/advisories/2011/0376
http://www.securityfocus.com/bid/46174
http://www.securityfocus.com/archive/1/516209/30/90/threaded
http://www.redhat.com/support/errata/RHSA-2011-1845.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0791.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:030
http://www.debian.org/security/2011/dsa-2160
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30
http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
http://support.apple.com/kb/HT5002
http://securityreason.com/securityalert/8093
http://secunia.com/advisories/57126
http://secunia.com/advisories/45022
http://secunia.com/advisories/43192
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://marc.info/?l=bugtraq&m=132215163318824&w=2
http://marc.info/?l=bugtraq&m=130168502603566&w=2
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html