
CVE-2010-4172

Published: 22 Nov 2010
Source: redhat
CVSS2: 4.3
EPSS: Medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | tomcat5 | Not affected | | |
| JBEWS 1.0 for RHEL 4 | ant | Fixed | RHSA-2011:0897 | 22.06.2011 |
| JBEWS 1.0 for RHEL 4 | antlr | Fixed | RHSA-2011:0897 | 22.06.2011 |
| JBEWS 1.0 for RHEL 4 | bcel | Fixed | RHSA-2011:0897 | 22.06.2011 |
| JBEWS 1.0 for RHEL 4 | cglib | Fixed | RHSA-2011:0897 | 22.06.2011 |
| JBEWS 1.0 for RHEL 4 | dom4j | Fixed | RHSA-2011:0897 | 22.06.2011 |
| JBEWS 1.0 for RHEL 4 | ecj | Fixed | RHSA-2011:0897 | 22.06.2011 |
| JBEWS 1.0 for RHEL 4 | glassfish-jaf | Fixed | RHSA-2011:0897 | 22.06.2011 |
| JBEWS 1.0 for RHEL 4 | glassfish-javamail | Fixed | RHSA-2011:0897 | 22.06.2011 |
| JBEWS 1.0 for RHEL 4 | glassfish-jsf | Fixed | RHSA-2011:0897 | 22.06.2011 |

Additional information

Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=656246 - tomcat: cross-site-scripting vulnerability in the manager application

EPSS

Percentile: 96%
0.22781
Medium

CVSS2: 4.3 Medium

Related vulnerabilities

ubuntu
more than 14 years ago

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

nvd
more than 14 years ago

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

debian
more than 14 years ago

Multiple cross-site scripting (XSS) vulnerabilities in the Manager app ...

github
about 3 years ago

Improper Neutralization of Input During Web Page Generation in Apache Tomcat

oracle-oval
about 14 years ago

ELSA-2011-0791: tomcat6 security and bug fix update (MODERATE)
