CVE-2009-0781

Apache Tomcat 4.1.0-4.1.39, 5.5.0-5.5.27, 6.0.0-6.0.18 - Cross-Site Scripting via Calendar Time Parameter

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

References (38)

Core 38
Core References
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-4.html
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=127420533226623&w=2
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2207
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=136485229118404&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49213
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37460
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3056
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35788
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=133469267822771&w=2
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1856
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42368
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-6.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4077
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35685
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-5.html
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=129070310906557&w=2
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3316
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/501538/100/0/threaded

Scores

EPSS 0.0912
EPSS Percentile 94.7%

Details

CWE
CWE-79
Status published
Products (48)
apache/tomcat 4.1.0
apache/tomcat 4.1.1
apache/tomcat 4.1.2
apache/tomcat 4.1.3 (2 CPE variants)
apache/tomcat 4.1.4
apache/tomcat 4.1.5
apache/tomcat 4.1.6
apache/tomcat 4.1.7
apache/tomcat 4.1.8
apache/tomcat 4.1.9 (2 CPE variants)
... and 38 more
Published Mar 09, 2009
Tracked Since Feb 18, 2026