Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
marc.info/?l=bugtraq&m=130168502603566&w=2
marc.info/?l=bugtraq&m=132215163318824&w=2
marc.info/?l=bugtraq&m=136485229118404&w=2
marc.info/?l=bugtraq&m=139344343412337&w=2
securityreason.com/securityalert/8093
support.apple.com/kb/HT5002
support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32
tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30
tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29
www.debian.org/security/2011/dsa-2160
www.mandriva.com/security/advisories?name=MDVSA-2011:030
access.redhat.com/errata/RHSA-2011:0791
access.redhat.com/errata/RHSA-2011:0896
access.redhat.com/errata/RHSA-2011:0897
access.redhat.com/errata/RHSA-2011:1845
access.redhat.com/security/cve/CVE-2011-0013
bugzilla.redhat.com/show_bug.cgi?id=675786
github.com/apache/tomcat
github.com/apache/tomcat/commit/58223c5ecc0751c3642c810f291b8f033d33b97f
github.com/apache/tomcat55/commit/863d77c7d321245de019ac32252828e0a025c5b4
lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2011-0013
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269
web.archive.org/web/20111227000129/secunia.com/advisories/45022
web.archive.org/web/20111229163935/secunia.com/advisories/43192
web.archive.org/web/20120126065143/www.securityfocus.com/archive/1/516209/30/90/threaded
web.archive.org/web/20120126070320/www.securitytracker.com/id?1025026
web.archive.org/web/20120213130147/www.securityfocus.com/bid/46174
web.archive.org/web/20151017023138/secunia.com/advisories/57126