Fixed in Apache Tomcat 6.0.30


**Low: Cross-site scripting** [CVE-2011-0013](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013>)

The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user viewing the manager pages. This was fixed in [revision 1057270](<https://svn.apache.org/viewvc?view=rev&rev=1057270>). This was identified by the Tomcat security team on 12 Nov 2010 and made public on 5 Feb 2011.

Affects: 6.0.0-6.0.29

**Moderate: Cross-site scripting** [CVE-2010-4172](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172>)

The Manager application used the user-provided parameters `sort` and `orderBy` directly without filtering, thereby permitting cross-site scripting. This was fixed in [revision 1037779](<https://svn.apache.org/viewvc?view=rev&rev=1037779>). This was first reported to the Tomcat security team on 15 Nov 2010 and made public on 22 Nov 2010.

Affects: 6.0.12-6.0.29

**Low: SecurityManager file permission bypass** [CVE-2010-3718](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718>)

When running under a SecurityManager, access to the file system is limited, but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files, such as the intermediate files generated when compiling JSPs to Servlets. The location of the work directory is specified by a ServletContext attribute that is meant to be read-only to web applications. However, due to a coding error, the read-only setting was not applied. Therefore, a malicious web application could modify the attribute before Tomcat applied the file permissions. This can be used to grant read/write permissions to any area of the file system, which a malicious web application may then take advantage of.

This vulnerability is only applicable when hosting web applications from untrusted sources, such as shared hosting environments. This was fixed in [revision 1022560](<https://svn.apache.org/viewvc?view=rev&rev=1022560>). This was discovered by the Tomcat security team on 12 Oct 2010 and made public on 5 Feb 2011.

Affects: 6.0.0-6.0.29
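As an added example (not Tomcat's code, and not the actual fix in the revisions cited above), the rendering defect behind the two cross-site scripting entries and the two defences that address it: HTML-escaping data that is displayed as text (display names), and allow-listing parameters that select behaviour rather than carry text (`sort` and `orderBy`). The class, method and column names are assumptions made for the example.

```java
// Added example, not Tomcat code. Shows why concatenating web-application-supplied
// strings into Manager HTML without filtering leads to cross-site scripting in the
// administrator's browser, and the two minimal defences.
import java.util.List;

public class ManagerEscapeExample {

    // Vulnerable rendering: the value is concatenated straight into the markup,
    // so any markup inside a display name is interpreted by the browser.
    static String renderRowUnsafe(String displayName) {
        return "<td>" + displayName + "</td>";
    }

    // Escape the characters that can change HTML or attribute context.
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Hardened rendering: the display name is shown as text, never as markup.
    static String renderRowSafe(String displayName) {
        return "<td>" + escapeHtml(displayName) + "</td>";
    }

    // For parameters that choose a behaviour (sort column, order), escaping is the
    // wrong tool: compare against a fixed allow-list and fall back to a default.
    // The column names here are assumptions for the example.
    static final List<String> SORT_COLUMNS = List.of("name", "path", "sessions");

    static String sortColumnOrDefault(String requested) {
        return SORT_COLUMNS.contains(requested) ? requested : "name";
    }

    public static void main(String[] args) {
        // Constructed display name, as a web application might declare it in web.xml.
        String hostile = "<script>alert(document.cookie)</script>";
        System.out.println("unsafe: " + renderRowUnsafe(hostile));
        System.out.println("safe:   " + renderRowSafe(hostile));

        // Constructed sort parameter carrying markup: rejected by the allow-list.
        System.out.println("sort:   " + sortColumnOrDefault("<img src=x onerror=alert(1)>"));
    }
}
```

The two defences are deliberately separate: escaping preserves an arbitrary display name for viewing, while a sort or order parameter has only a handful of legitimate values, so rejecting everything else is both simpler and stronger than trying to sanitise it.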
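As an added example (not Tomcat code), a small model of the defect class described for the SecurityManager entry above: a context attribute that must be read-only to the web application, and a later container step that turns that attribute into a `FilePermission`. The `WorkDirAttributeExample` class and its methods are hypothetical; only the attribute name `javax.servlet.context.tempdir` is a real Servlet specification name.

```java
// Added example, not Tomcat code. Models how a missing read-only lock on the
// work-directory attribute lets a web application steer the permission that the
// container grants from it. Class and method names are hypothetical.
import java.io.File;
import java.io.FilePermission;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class WorkDirAttributeExample {

    // Attribute name under which the Servlet specification exposes the work directory.
    static final String TEMPDIR = "javax.servlet.context.tempdir";

    private final Map<String, Object> attributes = new HashMap<>();
    private final Set<String> readOnly = new HashSet<>();
    private final boolean enforceReadOnly;

    // enforceReadOnly=false models the coding error: the lock is never applied.
    WorkDirAttributeExample(boolean enforceReadOnly) {
        this.enforceReadOnly = enforceReadOnly;
    }

    // Container side: store the value and lock the name in the same step, so there
    // is no window in which application code can replace it.
    void setContainerAttribute(String name, Object value) {
        attributes.put(name, value);
        if (enforceReadOnly) {
            readOnly.add(name);
        }
    }

    // Application side: writes to locked names are ignored.
    void setAttribute(String name, Object value) {
        if (readOnly.contains(name)) {
            return;
        }
        attributes.put(name, value);
    }

    // Container side, later: derive the read/write grant for the work directory from
    // the attribute. If the attribute was writable, the grant follows the application's path.
    FilePermission workDirPermission() {
        File dir = (File) attributes.get(TEMPDIR);
        String recursive = dir.toPath().toAbsolutePath().resolve("-").toString();
        return new FilePermission(recursive, "read,write");
    }

    // True if the granted permission reaches a file outside the intended work directory.
    static boolean grantsAccessOutsideWorkDir(WorkDirAttributeExample ctx, File outside) {
        return ctx.workDirPermission().implies(new FilePermission(outside.getAbsolutePath(), "read"));
    }

    public static void main(String[] args) {
        File intended = new File("work/Catalina/localhost/app");
        // Constructed path standing in for any file the web application should not reach.
        File outside = new File("/srv/other-app/config.xml");

        for (boolean enforce : new boolean[] { false, true }) {
            WorkDirAttributeExample ctx = new WorkDirAttributeExample(enforce);
            ctx.setContainerAttribute(TEMPDIR, intended);
            // The web application attempts to repoint the work directory at the filesystem root
            // before the container derives the permission (the behaviour the advisory describes).
            ctx.setAttribute(TEMPDIR, new File("/"));
            System.out.println("readOnly enforced=" + enforce
                + ", grant escapes work dir=" + grantsAccessOutsideWorkDir(ctx, outside));
        }
    }
}
```

The point the model makes is about ordering as much as about the flag: the attribute is locked in the same step that sets it, so the permission later derived from it cannot be influenced by anything the web application did in between.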

Affected Software

| CPE Name | Name | Version |
|---|---|---|
| apache | tomcat | 6.0.0 |
| apache | tomcat | 6.0.12 |
| apache | tomcat | 6.0.29 |