Computer Security


Apache Tomcat cross-site scripting
Published: 24.11.2010
Source:
SecurityVulns ID: 11269
Type: remote
Threat Level: 5/10
Description: Cross-site scripting in Manager application.
Affected: APACHE : Tomcat 6.0
          APACHE : Tomcat 7.0
CVE: CVE-2010-4172 (Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.)
Original document: APACHE, [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability (24.11.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod