RedhatCVELIST:CVE-2010-4172CVE-2010-4172
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
References
archives.neohapsis.com/archives/fulldisclosure/2010-11/0285.html
lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
marc.info/?l=bugtraq&m=139344343412337&w=2
secunia.com/advisories/42337
secunia.com/advisories/43019
secunia.com/advisories/45022
secunia.com/advisories/57126
securitytracker.com/id?1024764
support.apple.com/kb/HT5002
support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
svn.apache.org/viewvc?view=revision&revision=1037778
svn.apache.org/viewvc?view=revision&revision=1037779
tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
www.redhat.com/support/errata/RHSA-2011-0791.html
www.redhat.com/support/errata/RHSA-2011-0896.html
www.redhat.com/support/errata/RHSA-2011-0897.html
www.securityfocus.com/archive/1/514866/100/0/threaded
www.securityfocus.com/bid/45015
www.ubuntu.com/usn/USN-1048-1
www.vupen.com/english/advisories/2010/3047
www.vupen.com/english/advisories/2011/0203
bugzilla.redhat.com/show_bug.cgi?id=656246
exchange.xforce.ibmcloud.com/vulnerabilities/63422
Related
