FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-0013

This CVE name corresponds to:

Entered Topic
2011-02-15 tomcat -- Cross-site scripting vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2011-0013 at cve.mitre.org

Details

Type Candidate
Name CVE-2011-0013
Phase Assigned(20101207)

Description

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

References

Source Reference
BUGTRAQ 20110205 [SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability
MISC https://bugzilla.redhat.com/show_bug.cgi?id=675786
CONFIRM http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32
CONFIRM http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30
CONFIRM http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_(released_14_Jan_2011)
CONFIRM http://support.apple.com/kb/HT5002
CONFIRM http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
APPLE APPLE-SA-2011-10-12-3
DEBIAN DSA-2160
HP HPSBUX02725
HP SSRT100627
HP HPSBUX02860
HP SSRT101146
HP HPSBST02955
MANDRIVA MDVSA-2011:030
REDHAT RHSA-2011:0791
REDHAT RHSA-2011:0896
REDHAT RHSA-2011:0897
REDHAT RHSA-2011:1845
SUSE SUSE-SR:2011:005
BID 46174
OVAL oval:org.mitre.oval:def:12878
OVAL oval:org.mitre.oval:def:14945
OVAL oval:org.mitre.oval:def:19269
SECTRACK 1025026
SECUNIA 43192
SECUNIA 45022
SECUNIA 57126
SREASON 8093
VUPEN ADV-2011-0376

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.