PT-2011-2012 · Apache · Apache Tomcat
Published 2011-01-13 · Updated 2023-02-13 · CVE-2011-0013
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Apache Tomcat versions 5.5 before 5.5.32
Apache Tomcat versions 6.0 before 6.0.30
Apache Tomcat versions 7.0 before 7.0.6
Description
The issue allows remote attackers to inject arbitrary web script or HTML that may then be executed in the browser of an administrative user viewing the Manager pages. This is possible because the HTML Manager interface renders web-application-provided data, such as display names, without proper filtering.
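Added example (not from the advisory or the Tomcat project): a small Python check that parses a constructed WEB-INF/web.xml, flags a display-name carrying HTML-active characters, and shows the escaped form that the "proper filtering" named in the description amounts to. The function names and the sample descriptor are assumptions made here.

```python
"""Audit a deployed application's display-name for HTML-active characters.

On an unpatched Manager the display-name text is echoed into the HTML
Manager page as-is, so an administrator can inventory which deployed
applications carry markup in that field, and see what the value looks
like once escaped (the filtering a fixed Manager must apply).
"""
import html
import xml.etree.ElementTree as ET

# Constructed sample of a deployed application's WEB-INF/web.xml.
# In XML the markup is entity-encoded; the parsed text is "Payroll <b>Portal</b>".
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <display-name>Payroll &lt;b&gt;Portal&lt;/b&gt;</display-name>
</web-app>
"""

# Characters that change meaning when embedded raw in an HTML page.
HTML_ACTIVE = set('<>"\'&')


def display_name(web_xml_text):
    """Return the <display-name> text, or None when the descriptor has none.

    Matches the element by local name so both namespaced (javaee/j2ee)
    and non-namespaced descriptors are handled.
    """
    root = ET.fromstring(web_xml_text)
    for child in root:
        if child.tag.split("}")[-1] == "display-name":
            return child.text
    return None


def contains_markup(value):
    """True when echoing the value unfiltered would change the page's HTML."""
    return any(ch in HTML_ACTIVE for ch in (value or ""))


def safe_render(value):
    """Escape the value as it must be before being placed in an HTML page."""
    return html.escape(value or "", quote=True)


if __name__ == "__main__":
    name = display_name(SAMPLE_WEB_XML)
    print("display-name:", repr(name))
    print("needs filtering:", contains_markup(name))
    print("escaped form:", safe_render(name))
```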
Recommendations
For Apache Tomcat version 5.5 before 5.5.32, update to version 5.5.32 or later.
For Apache Tomcat version 6.0 before 6.0.30, update to version 6.0.30 or later.
For Apache Tomcat version 7.0 before 7.0.6, update to version 7.0.6 or later.
Weakness Enumeration
XSS
Affected Products
Apache Tomcat
HP-UX
Red Hat