95 matches found
Tomcat host manager xss - name field
Cross-site scripting XSS vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter aka the hostname attribute to host-manager/html/add...
Tomcat host manager xss - name field
Cross-site scripting XSS vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter aka the hostname attribute to host-manager/html/add...
Fixed in Apache Tomcat 5.5.27
Low: Cross-site scripting CVE-2008-1232 The message argument of HttpServletResponse.sendError call is not only displayed on the error page, but is also used for the reason-phrase of HTTP response. This may include characters that are illegal in HTTP headers. It is possible for a specially crafted...
Tomcat host manager xss - name field
Cross-site scripting XSS vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter aka the hostname attribute to host-manager/html/add...
tomcat host manager XSS
Multiple cross-site scripting XSS vulnerabilities in the 1 Manager and 2 Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script o...
Debian DSA-1593-1 : tomcat5.5 - missing input sanitising
It was discovered that the Host Manager web application performed insufficient input sanitising, which could lead to cross-site scripting. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
Debian Security Advisory DSA 1593-1 (tomcat5.5)
The remote host is missing an update to tomcat5.5 announced via advisory DSA 1593-1. OpenVAS Vulnerability Test $Id: deb15931.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1593-1 tomcat5.5 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
DSA-1593-1 tomcat5.5
Bulletin has no description...
Apache Tomcat主机管理器跨站脚本漏洞
BUGTRAQ ID: 29502 CVECAN ID: CVE-2008-1947 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat的host-manager/html/add文件没有正确地过滤对name参数的输入便返回给了用户,这允许远程攻击者通过跨站脚本攻击在登录用户浏览器会话中执行任意HTML和脚本代码。 Apache Group Tomcat 6.0.0 - 6.0.16 Apache Group Tomcat 5.5.9 - 5.5.26 Apache Group ------------...
Cross site scripting
Cross-site scripting XSS vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter aka the hostname attribute to host-manager/html/add...
CVE-2008-1947
Cross-site scripting XSS vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter aka the hostname attribute to host-manager/html/add...
PT-2008-3473 · Apache +2 · Apache Tomcat +2
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 5.5.9 through 5.5.26 Apache Tomcat versions 6.0.0 through 6.0.16 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the name parameter also known as the...
CVE-2008-1947.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-1947: Tomcat host-manager XSS vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.9 to 5.5.26 Tomcat 6.0.0 to 6.0.16 This issue has been fixed in the source repositories for each version and will b...
Apache Tomcat Host Manager cross-site scripting vulnerability
Overview Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. The Host Manager Servlet does not properly filter user...
tomcat host manager XSS
Multiple cross-site scripting XSS vulnerabilities in the 1 Manager and 2 Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script o...
tomcat host manager xss
Cross-site scripting XSS vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action...
tomcat host manager XSS
Multiple cross-site scripting XSS vulnerabilities in the 1 Manager and 2 Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script o...
tomcat5 security update
CentOS Errata and Security Advisory CESA-2007:0871 Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java...
tomcat host manager xss
Cross-site scripting XSS vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action...
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
Low: Cross-site scripting CVE-2007-2449 JSPs within the examples web application did not escape user provided data before including it in the output. This enabled a XSS attack. These JSPs now filter the data before use. This issue may be mitigated by undeploying the examples web application. Note...