CVE-2011-0013

Exploit

EPSS 32.49%
Published 19.02.2011 01:00:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Affected products Warnungen 0 Metrics 2 CWE 1 References 36

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Tomcat Version7.0.0

Apache ≫ Tomcat Version7.0.1

Apache ≫ Tomcat Version7.0.2

Apache ≫ Tomcat Version7.0.3

Apache ≫ Tomcat Version7.0.4

Apache ≫ Tomcat Version7.0.5

Apache ≫ Tomcat Version6.0

Apache ≫ Tomcat Version6.0.0

Apache ≫ Tomcat Version6.0.1

Apache ≫ Tomcat Version6.0.2

Apache ≫ Tomcat Version6.0.3

Apache ≫ Tomcat Version6.0.4

Apache ≫ Tomcat Version6.0.5

Apache ≫ Tomcat Version6.0.6

Apache ≫ Tomcat Version6.0.7

Apache ≫ Tomcat Version6.0.8

Apache ≫ Tomcat Version6.0.9

Apache ≫ Tomcat Version6.0.10

Apache ≫ Tomcat Version6.0.11

Apache ≫ Tomcat Version6.0.12

Apache ≫ Tomcat Version6.0.13

Apache ≫ Tomcat Version6.0.14

Apache ≫ Tomcat Version6.0.15

Apache ≫ Tomcat Version6.0.16

Apache ≫ Tomcat Version6.0.17

Apache ≫ Tomcat Version6.0.18

Apache ≫ Tomcat Version6.0.19

Apache ≫ Tomcat Version6.0.20

Apache ≫ Tomcat Version6.0.24

Apache ≫ Tomcat Version6.0.26

Apache ≫ Tomcat Version6.0.27

Apache ≫ Tomcat Version6.0.28

Apache ≫ Tomcat Version6.0.29

Apache ≫ Tomcat Version5.5.0

Apache ≫ Tomcat Version5.5.1

Apache ≫ Tomcat Version5.5.2

Apache ≫ Tomcat Version5.5.3

Apache ≫ Tomcat Version5.5.4

Apache ≫ Tomcat Version5.5.5

Apache ≫ Tomcat Version5.5.6

Apache ≫ Tomcat Version5.5.7

Apache ≫ Tomcat Version5.5.8

Apache ≫ Tomcat Version5.5.9

Apache ≫ Tomcat Version5.5.10

Apache ≫ Tomcat Version5.5.11

Apache ≫ Tomcat Version5.5.12

Apache ≫ Tomcat Version5.5.13

Apache ≫ Tomcat Version5.5.14

Apache ≫ Tomcat Version5.5.15

Apache ≫ Tomcat Version5.5.16

Apache ≫ Tomcat Version5.5.17

Apache ≫ Tomcat Version5.5.18

Apache ≫ Tomcat Version5.5.19

Apache ≫ Tomcat Version5.5.20

Apache ≫ Tomcat Version5.5.21

Apache ≫ Tomcat Version5.5.22

Apache ≫ Tomcat Version5.5.23

Apache ≫ Tomcat Version5.5.24

Apache ≫ Tomcat Version5.5.25

Apache ≫ Tomcat Version5.5.26

Apache ≫ Tomcat Version5.5.27

Apache ≫ Tomcat Version5.5.28

Apache ≫ Tomcat Version5.5.29

Apache ≫ Tomcat Version5.5.30

Apache ≫ Tomcat Version5.5.31

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	32.49%	0.967

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

http://marc.info/?l=bugtraq&m=139344343412337&w=2

http://secunia.com/advisories/57126

http://marc.info/?l=bugtraq&m=136485229118404&w=2

http://www.redhat.com/support/errata/RHSA-2011-0896.html

http://marc.info/?l=bugtraq&m=130168502603566&w=2

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

http://support.apple.com/kb/HT5002

http://www.redhat.com/support/errata/RHSA-2011-0897.html