CVE-2009-0781
Apache Tomcat 4.1.0-4.1.39, 5.5.0-5.5.27, 6.0.0-6.0.18 - Cross-Site Scripting via Calendar Time Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
References (38)
Core 38
Core References
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-4.html
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=127420533226623&w=2
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2207
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=136485229118404&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49213
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37460
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3056
Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35788
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=133469267822771&w=2
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1856
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42368
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-6.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4077
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35685
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-5.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=129070310906557&w=2
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3316
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/501538/100/0/threaded
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
Scores
EPSS
0.0912
EPSS Percentile
94.7%
Details
CWE
CWE-79
Status
published
Products (48)
apache/tomcat
4.1.0
apache/tomcat
4.1.1
apache/tomcat
4.1.2
apache/tomcat
4.1.3 (2 CPE variants)
apache/tomcat
4.1.4
apache/tomcat
4.1.5
apache/tomcat
4.1.6
apache/tomcat
4.1.7
apache/tomcat
4.1.8
apache/tomcat
4.1.9 (2 CPE variants)
... and 38 more
Published
Mar 09, 2009
Tracked Since
Feb 18, 2026