PT-2011-2012 · Apache+2 · Apache Tomcat+2

Published: 2011-01-13 · Updated: 2023-02-13 · CVE-2011-0013

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 5.5 before 5.5.32
Apache Tomcat versions 6.0 before 6.0.30
Apache Tomcat versions 7.0 before 7.0.6

Description

The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to the execution of scripts by an administrative user when viewing the manager pages. This is possible because the HTML Manager interface displays web application-provided data, such as display names, without proper filtering.

Recommendations

For Apache Tomcat version 5.5 before 5.5.32, update to version 5.5.32 or later.
For Apache Tomcat version 6.0 before 6.0.30, update to version 6.0.30 or later.
For Apache Tomcat version 7.0 before 7.0.6, update to version 7.0.6 or later.
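
A pre-deployment check for the condition in the Description, as an added example that is not part of the advisory or of Tomcat's code: it reads the application-level display name from a web.xml descriptor, flags values carrying HTML metacharacters, and shows the escaped form a manager page should render. The function names and both sample descriptors are constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET

# Characters that change meaning when written into an HTML page unescaped.
HTML_META = set("<>&\"'")

# Constructed sample descriptors (not taken from any real application).
BENIGN_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <display-name>Inventory Service</display-name>
</web-app>"""

# In the XML file the markup is entity-encoded; the XML parser decodes it,
# so the value handed to any page that lists the application is raw markup.
MARKUP_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <display-name>&lt;b&gt;Shop&lt;/b&gt;</display-name>
</web-app>"""


def app_display_names(web_xml_text):
    """Return the <display-name> values that are direct children of <web-app>."""
    root = ET.fromstring(web_xml_text)
    names = []
    for child in root:
        # Strip the "{namespace}" prefix so any descriptor version matches.
        if child.tag.rsplit("}", 1)[-1] == "display-name":
            names.append((child.text or "").strip())
    return names


def audit(web_xml_text):
    """Flag display names with HTML metacharacters and give their escaped form."""
    findings = []
    for name in app_display_names(web_xml_text):
        if HTML_META & set(name):
            findings.append({"raw": name,
                             "escaped": html.escape(name, quote=True)})
    return findings


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_WEB_XML), ("markup", MARKUP_WEB_XML)):
        print(label, audit(doc))
```

A finding here means the descriptor should be reviewed before the application is deployed; the fix for the vulnerability itself remains the upgrade listed under Recommendations.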

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2011-0013
DSA-2160-1
GHSA-3P86-XGRQ-M6P6
HPSBUX02645
HPSBUX02725
HPSBUX02860
RHSA-2011:0791
RHSA-2011:0897
RHSA-2011:1845
RHSA-2011_0791
RHSA-2011_1845

Affected products

Apache Tomcat
HP-UX
Red Hat