Lucene search

[email protected]CVE-2011-0013

HistoryFeb 19, 2011 - 1:00 a.m.

CVE-2011-0013

2011-02-1901:00:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2011-0013

cross-site scripting

xss

apache tomcat

html manager interface

remote attackers

web script

nvd

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

45.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

CPENameOperatorVersion
apache:tomcatapache tomcateq7.0.1
apache:tomcatapache tomcateq7.0.2
apache:tomcatapache tomcateq7.0.5
apache:tomcatapache tomcateq7.0.0
apache:tomcatapache tomcateq7.0.4
apache:tomcatapache tomcateq7.0.3
apache:tomcatapache tomcateq6.0.6
apache:tomcatapache tomcateq6.0.11
apache:tomcatapache tomcateq6.0.7
apache:tomcatapache tomcateq6.0.4

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	7.0.1
apache:tomcat	apache tomcat	eq	7.0.2
apache:tomcat	apache tomcat	eq	7.0.5
apache:tomcat	apache tomcat	eq	7.0.0
apache:tomcat	apache tomcat	eq	7.0.4
apache:tomcat	apache tomcat	eq	7.0.3
apache:tomcat	apache tomcat	eq	6.0.6
apache:tomcat	apache tomcat	eq	6.0.11
apache:tomcat	apache tomcat	eq	6.0.7
apache:tomcat	apache tomcat	eq	6.0.4

Rows per page:

1-10 of 651

References

lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

marc.info/?l=bugtraq&m=130168502603566&w=2

marc.info/?l=bugtraq&m=132215163318824&w=2

marc.info/?l=bugtraq&m=136485229118404&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

secunia.com/advisories/43192

secunia.com/advisories/45022

secunia.com/advisories/57126

securityreason.com/securityalert/8093

support.apple.com/kb/HT5002

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html

tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32

tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30

tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29

www.debian.org/security/2011/dsa-2160

www.mandriva.com/security/advisories?name=MDVSA-2011:030

www.redhat.com/support/errata/RHSA-2011-0791.html

www.redhat.com/support/errata/RHSA-2011-0896.html

www.redhat.com/support/errata/RHSA-2011-0897.html

www.redhat.com/support/errata/RHSA-2011-1845.html

www.securityfocus.com/archive/1/516209/30/90/threaded

www.securityfocus.com/bid/46174

www.securitytracker.com/id?1025026

www.vupen.com/english/advisories/2011/0376

bugzilla.redhat.com/show_bug.cgi?id=675786

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

45.7%

JSON

Related for CVE-2011-0013

packetstorm1 ubuntucve1 openvas29 nessus23 prion1 tomcat3 securityvulns4 freebsd1 github1 osv2 redhat3 ubuntu1 debian1 oraclelinux3 fedora1 centos1 gentoo1 ibm1