CVE: CVE-2011-0013

Descrizione: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Vettore di attacco

Riferimenti esterni

• http://marc.info/?l=bugtraq&m=136485229118404&w=2
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878
• http://www.vupen.com/english/advisories/2011/0376
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269
• http://secunia.com/advisories/45022
• http://www.redhat.com/support/errata/RHSA-2011-1845.html
• http://www.securityfocus.com/bid/46174
• http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
• http://marc.info/?l=bugtraq&m=132215163318824&w=2
• http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:030
• http://www.securityfocus.com/archive/1/516209/30/90/threaded
• http://www.redhat.com/support/errata/RHSA-2011-0897.html
• http://secunia.com/advisories/57126
• http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32
• http://www.redhat.com/support/errata/RHSA-2011-0791.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945
• https://bugzilla.redhat.com/show_bug.cgi?id=675786
• http://secunia.com/advisories/43192
• http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29
• http://www.securitytracker.com/id?1025026
• http://www.redhat.com/support/errata/RHSA-2011-0896.html
• http://www.debian.org/security/2011/dsa-2160
• http://support.apple.com/kb/HT5002
• http://marc.info/?l=bugtraq&m=132215163318824&w=2
• http://marc.info/?l=bugtraq&m=136485229118404&w=2
• http://securityreason.com/securityalert/8093
• http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30
• http://marc.info/?l=bugtraq&m=130168502603566&w=2
• http://marc.info/?l=bugtraq&m=139344343412337&w=2
• http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
• https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

Prodotti interessati

• n/a – n/a

Relazioni con altri prodotti

Nessun prodotto trovato per il CVE: cve-2011-0013