CVE-2010-4172

Published: 26 Nov 2010
Source: ubuntu
Priority: medium
CVSS2: 4.3

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

| Release | Status | Note |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | |
| hardy | DNE | |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | needs-triage | |


| Release | Status | Note |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | ignored | |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | needs-triage | |


| Release | Status | Note |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 6.0.28-9 |
| hardy | DNE | |
| karmic | released | 6.0.20-2ubuntu2.3 |
| lucid | released | 6.0.24-2ubuntu1.6 |
| maverick | released | 6.0.28-2ubuntu1.1 |
| natty | not-affected | 6.0.28-9 |
| upstream | released | 6.0.30 |


CVSS2: 4.3 Medium

Related vulnerabilities

redhat
more than 14 years ago

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

nvd
more than 14 years ago

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

debian
more than 14 years ago

Multiple cross-site scripting (XSS) vulnerabilities in the Manager app ...

github
about 3 years ago

Improper Neutralization of Input During Web Page Generation in Apache Tomcat

oracle-oval
about 14 years ago

ELSA-2011-0791: tomcat6 security and bug fix update (MODERATE)
