Computer Security
[EN] no-pyccku

Apache Tomcat crossite scripting
SecurityVulns ID:11269
Threat Level:
Description:Crossite srcripting in Manager application.
Affected:APACHE : Tomcat 6.0
 APACHE : Tomcat 7.0
CVE:CVE-2010-4172 (Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/, related to use of untrusted web applications.)
Original documentdocumentAPACHE, [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability (24.11.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod