Lucene search

RedhatCVELIST:CVE-2009-0781

HistoryMar 09, 2009 - 9:00 p.m.

CVE-2009-0781

2009-03-0921:00:00

redhat

www.cve.org

AI Score

4.6

Confidence

High

EPSS

0.277

Percentile

96.9%

JSON

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to “invalid HTML.”

References

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

marc.info/?l=bugtraq&m=127420533226623&w=2

marc.info/?l=bugtraq&m=129070310906557&w=2

marc.info/?l=bugtraq&m=133469267822771&w=2

marc.info/?l=bugtraq&m=136485229118404&w=2

secunia.com/advisories/35685

secunia.com/advisories/35788

secunia.com/advisories/37460

secunia.com/advisories/42368

sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1

support.apple.com/kb/HT4077

tomcat.apache.org/security-4.html

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

www.debian.org/security/2011/dsa-2207

www.mandriva.com/security/advisories?name=MDVSA-2009:136

www.mandriva.com/security/advisories?name=MDVSA-2009:138

www.securityfocus.com/archive/1/501538/100/0/threaded

www.securityfocus.com/archive/1/507985/100/0/threaded

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/1856

www.vupen.com/english/advisories/2009/3316

www.vupen.com/english/advisories/2010/3056

exchange.xforce.ibmcloud.com/vulnerabilities/49213

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564

www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html

www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html

www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html