4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
45.2%
Low: Cross-site scripting CVE-2011-0013
The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages.
This was fixed in revision 1057518.
This was identified by the Tomcat security team on 12 Nov 2010 and made public on 5 Feb 2011.
Affects: 5.5.0-5.5.31
CPE | Name | Operator | Version |
---|---|---|---|
apache tomcat | ge | 5.5.0 | |
apache tomcat | le | 5.5.31 |