tomcat: cross-site scripting

Package(s): tomcat6
CVE #(s): CVE-2010-4172
Created: January 24, 2011
Updated: May 19, 2011
Description: From the Ubuntu advisory:

It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain.

Alerts:
Gentoo 201206-24 tomcat 2012-06-24
Red Hat RHSA-2011:0791-01 tomcat6 2011-05-19
SUSE SUSE-SR:2011:003 gnutls, tomcat6, perl-CGI-Simple, pcsc-lite, obs-server, dhcp, java-1_6_0-openjdk, opera 2011-02-08
openSUSE openSUSE-SU-2011:0082-2 tomcat6 2011-02-03
openSUSE openSUSE-SU-2011:0082-1 tomcat6 2011-01-28
Ubuntu USN-1048-1 tomcat6 2011-01-24
