PRIOn knowledge basePRION:CVE-2009-0781Cross site scripting
5.9 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.269 Low
EPSS
Percentile
96.6%
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to “invalid HTML.”
References
lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
secunia.com/advisories/35685
secunia.com/advisories/35788
secunia.com/advisories/37460
secunia.com/advisories/42368
sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
support.apple.com/kb/HT4077
tomcat.apache.org/security-4.html
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
www.debian.org/security/2011/dsa-2207
www.mandriva.com/security/advisories?name=MDVSA-2009:136
www.mandriva.com/security/advisories?name=MDVSA-2009:138
www.securityfocus.com/archive/1/501538/100/0/threaded
www.securityfocus.com/archive/1/507985/100/0/threaded
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2009/1856
www.vupen.com/english/advisories/2009/3316
www.vupen.com/english/advisories/2010/3056
exchange.xforce.ibmcloud.com/vulnerabilities/49213
lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
marc.info/?l=bugtraq&m=127420533226623&w=2
marc.info/?l=bugtraq&m=129070310906557&w=2
marc.info/?l=bugtraq&m=133469267822771&w=2
marc.info/?l=bugtraq&m=136485229118404&w=2
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564
www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
Related
5.9 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.269 Low
EPSS
Percentile
96.6%