CVE-2011-0013
Apache Tomcat 5.5-5.5.31, 6.0-6.0.29, 7.0-7.0.5 - Cross-Site Scripting via Manager Interface Display-Name Tag
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
References (33)
Core 33
Core References
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0376
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1845.html
Patch x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=675786
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=136485229118404&w=2
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45022
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46174
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=132215163318824&w=2
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:030
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516209/30/90/threaded
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0897.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57126
Patch, Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0791.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43192
Various Sources x_refsource_confirm
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29
Exploit vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025026
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0896.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2160
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5002
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8093
Patch, Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=130168502603566&w=2
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=139344343412337&w=2
Vendor Advisory x_refsource_confirm
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
Scores
EPSS
0.1023
EPSS Percentile
95.2%
Details
CWE
CWE-79
Status
published
Products (50)
apache/tomcat
7.0.0
apache/tomcat
7.0.1
apache/tomcat
7.0.2
apache/tomcat
7.0.3
apache/tomcat
7.0.4
apache/tomcat
7.0.5
apache/tomcat
6.0
apache/tomcat
6.0.0
apache/tomcat
6.0.1
apache/tomcat
6.0.2
... and 40 more
Published
Feb 19, 2011
Tracked Since
Feb 18, 2026