PRIOn knowledge basePRION:CVE-2010-4172Cross site scripting
6 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.013 Low
EPSS
Percentile
85.4%
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
References
archives.neohapsis.com/archives/fulldisclosure/2010-11/0285.html
lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
secunia.com/advisories/42337
secunia.com/advisories/43019
secunia.com/advisories/45022
secunia.com/advisories/57126
securitytracker.com/id?1024764
support.apple.com/kb/HT5002
support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
svn.apache.org/viewvc?view=revision&revision=1037778
svn.apache.org/viewvc?view=revision&revision=1037779
tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
www.redhat.com/support/errata/RHSA-2011-0791.html
www.redhat.com/support/errata/RHSA-2011-0896.html
www.redhat.com/support/errata/RHSA-2011-0897.html
www.securityfocus.com/archive/1/514866/100/0/threaded
www.securityfocus.com/bid/45015
www.ubuntu.com/usn/USN-1048-1
www.vupen.com/english/advisories/2010/3047
www.vupen.com/english/advisories/2011/0203
bugzilla.redhat.com/show_bug.cgi?id=656246
exchange.xforce.ibmcloud.com/vulnerabilities/63422
marc.info/?l=bugtraq&m=139344343412337&w=2
Related
6 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.013 Low
EPSS
Percentile
85.4%