Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
marc.info/?l=bugtraq&m=130168502603566&w=2
marc.info/?l=bugtraq&m=132215163318824&w=2
marc.info/?l=bugtraq&m=136485229118404&w=2
marc.info/?l=bugtraq&m=139344343412337&w=2
secunia.com/advisories/43192
secunia.com/advisories/45022
secunia.com/advisories/57126
securityreason.com/securityalert/8093
support.apple.com/kb/HT5002
support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32
tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30
tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29
www.debian.org/security/2011/dsa-2160
www.mandriva.com/security/advisories?name=MDVSA-2011:030
www.redhat.com/support/errata/RHSA-2011-0791.html
www.redhat.com/support/errata/RHSA-2011-0896.html
www.redhat.com/support/errata/RHSA-2011-0897.html
www.redhat.com/support/errata/RHSA-2011-1845.html
www.securityfocus.com/archive/1/516209/30/90/threaded
www.securityfocus.com/bid/46174
www.securitytracker.com/id?1025026
www.vupen.com/english/advisories/2011/0376
bugzilla.redhat.com/show_bug.cgi?id=675786
lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269