Lucene search

K
ubuntuUbuntuUSN-1048-1
HistoryJan 24, 2011 - 12:00 a.m.

Tomcat vulnerability

2011-01-2400:00:00
ubuntu.com
40

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.013 Low

EPSS

Percentile

85.4%

Releases

  • Ubuntu 10.10
  • Ubuntu 10.04
  • Ubuntu 9.10

Packages

  • tomcat6 -

Details

It was discovered that Tomcat did not properly escape certain parameters in
the Manager application which could result in browsers becoming vulnerable
to cross-site scripting attacks when processing the output. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data (such as
passwords), within the same domain.

Rows per page:
1-10 of 271

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.013 Low

EPSS

Percentile

85.4%

Related for USN-1048-1