CVE-2011-0013

Apache Tomcat 5.5-5.5.31, 6.0-6.0.29, 7.0-7.0.5 - Cross-Site Scripting via Manager Interface Display-Name Tag

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

References (33)

Core 33
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0376
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1845.html
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=136485229118404&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45022
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46174
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=132215163318824&w=2
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:030
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516209/30/90/threaded
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0897.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57126
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0791.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43192
Exploit vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025026
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0896.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2160
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5002
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8093
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=130168502603566&w=2
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=139344343412337&w=2

Scores

EPSS 0.1023
EPSS Percentile 95.2%

Details

CWE
CWE-79
Status published
Products (50)
apache/tomcat 7.0.0
apache/tomcat 7.0.1
apache/tomcat 7.0.2
apache/tomcat 7.0.3
apache/tomcat 7.0.4
apache/tomcat 7.0.5
apache/tomcat 6.0
apache/tomcat 6.0.0
apache/tomcat 6.0.1
apache/tomcat 6.0.2
... and 40 more
Published Feb 19, 2011
Tracked Since Feb 18, 2026