Lucene search
K

95 matches found

RedHat Linux
RedHat Linux
added 2008/10/02 2:3 p.m.5 views

Tomcat host manager xss - name field

Cross-site scripting XSS vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter aka the hostname attribute to host-manager/html/add...

4.3CVSS6.2AI score0.09776EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2008/10/02 2:2 p.m.3 views

Tomcat host manager xss - name field

Cross-site scripting XSS vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter aka the hostname attribute to host-manager/html/add...

4.3CVSS6.2AI score0.09776EPSS
Exploits2References4
Apache Tomcat
Apache Tomcat
added 2008/09/08 12:0 a.m.66 views

Fixed in Apache Tomcat 5.5.27

Low: Cross-site scripting CVE-2008-1232 The message argument of HttpServletResponse.sendError call is not only displayed on the error page, but is also used for the reason-phrase of HTTP response. This may include characters that are illegal in HTTP headers. It is possible for a specially crafted...

5CVSS7.5AI score0.75865EPSS
Exploits5Affected Software1
RedHat Linux
RedHat Linux
added 2008/08/27 5:13 p.m.8 views

Tomcat host manager xss - name field

Cross-site scripting XSS vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter aka the hostname attribute to host-manager/html/add...

4.3CVSS6.2AI score0.09776EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2008/06/30 3:33 p.m.6 views

tomcat host manager XSS

Multiple cross-site scripting XSS vulnerabilities in the 1 Manager and 2 Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script o...

3.5CVSS5.8AI score0.03291EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2008/06/16 12:0 a.m.37 views

Debian DSA-1593-1 : tomcat5.5 - missing input sanitising

It was discovered that the Host Manager web application performed insufficient input sanitising, which could lead to cross-site scripting. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...

4.3CVSS5.5AI score0.09776EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2008/06/11 12:0 a.m.33 views

Debian Security Advisory DSA 1593-1 (tomcat5.5)

The remote host is missing an update to tomcat5.5 announced via advisory DSA 1593-1. OpenVAS Vulnerability Test $Id: deb15931.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1593-1 tomcat5.5 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

4.3CVSS0.2AI score0.09776EPSS
Exploits2
OSV
OSV
added 2008/06/09 12:0 a.m.12 views

DSA-1593-1 tomcat5.5

Bulletin has no description...

4.3CVSS6.2AI score0.09776EPSS
Exploits2
seebug.org
seebug.org
added 2008/06/05 12:0 a.m.74 views

Apache Tomcat主机管理器跨站脚本漏洞

BUGTRAQ ID: 29502 CVECAN ID: CVE-2008-1947 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat的host-manager/html/add文件没有正确地过滤对name参数的输入便返回给了用户,这允许远程攻击者通过跨站脚本攻击在登录用户浏览器会话中执行任意HTML和脚本代码。 Apache Group Tomcat 6.0.0 - 6.0.16 Apache Group Tomcat 5.5.9 - 5.5.26 Apache Group ------------...

4.3CVSS7.5AI score0.09776EPSS
Exploits2
Prion
Prion
added 2008/06/04 7:32 p.m.25 views

Cross site scripting

Cross-site scripting XSS vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter aka the hostname attribute to host-manager/html/add...

4.3CVSS5.7AI score0.09776EPSS
Exploits2References52Affected Software1
UbuntuCve
UbuntuCve
added 2008/06/04 7:32 p.m.39 views

CVE-2008-1947

Cross-site scripting XSS vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter aka the hostname attribute to host-manager/html/add...

4.3CVSS6.3AI score0.09776EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2008/06/04 12:0 a.m.7 views

PT-2008-3473 · Apache +2 · Apache Tomcat +2

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 5.5.9 through 5.5.26 Apache Tomcat versions 6.0.0 through 6.0.16 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the name parameter also known as the...

7.5CVSS6.2AI score0.99708EPSS
Exploits34References91
Packet Storm
Packet Storm
added 2008/06/03 12:0 a.m.67 views

CVE-2008-1947.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-1947: Tomcat host-manager XSS vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.9 to 5.5.26 Tomcat 6.0.0 to 6.0.16 This issue has been fixed in the source repositories for each version and will b...

4.3CVSS7.5AI score0.09776EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.4 views

Apache Tomcat Host Manager cross-site scripting vulnerability

Overview Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. The Host Manager Servlet does not properly filter user...

4.3CVSS5.7AI score0.58956EPSS
Exploits2References13
RedHat Linux
RedHat Linux
added 2008/05/20 2:12 p.m.5 views

tomcat host manager XSS

Multiple cross-site scripting XSS vulnerabilities in the 1 Manager and 2 Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script o...

3.5CVSS5.8AI score0.03291EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2007/10/11 6:21 p.m.5 views

tomcat host manager xss

Cross-site scripting XSS vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action...

4.3CVSS5.9AI score0.58956EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2007/10/11 6:21 p.m.4 views

tomcat host manager XSS

Multiple cross-site scripting XSS vulnerabilities in the 1 Manager and 2 Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script o...

3.5CVSS5.8AI score0.03291EPSS
Exploits0References4
Cent OS
Cent OS
added 2007/09/28 8:11 a.m.84 views

tomcat5 security update

CentOS Errata and Security Advisory CESA-2007:0871 Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java...

4.3CVSS5.8AI score0.58956EPSS
Exploits6References7
RedHat Linux
RedHat Linux
added 2007/09/26 8:27 a.m.7 views

tomcat host manager xss

Cross-site scripting XSS vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action...

4.3CVSS5.9AI score0.58956EPSS
Exploits2References4
Apache Tomcat
Apache Tomcat
added 2007/09/08 12:0 a.m.72 views

Fixed in Apache Tomcat 5.5.25, 5.0.SVN

Low: Cross-site scripting CVE-2007-2449 JSPs within the examples web application did not escape user provided data before including it in the output. This enabled a XSS attack. These JSPs now filter the data before use. This issue may be mitigated by undeploying the examples web application. Note...

4.3CVSS6.2AI score0.77376EPSS
Exploits7Affected Software1
Rows per page
Query Builder