FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tomcat -- Cross-site scripting vulnerability

Affected packages
5.5.0 < tomcat < 5.5.32
6.0.0 < tomcat < 6.0.30
7.0.0 < tomcat < 7.0.6

Details

VuXML ID 553ec4ed-38d6-11e0-94b1-000c29ba66d2
Discovery 2010-11-12
Entry 2011-02-15
Modified 2011-09-30

The Tomcat security team reports:

The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages.

References

CVE Name CVE-2011-0013
URL http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32
URL http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30
URL http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6