CVE-2010-4172
Published: 26 November 2010
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
tomcat5 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(reached end-of-life)
|
| hardy |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
tomcat5.5 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Ignored
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| Binaries built from this source package are in Universe and so are supported by the community. | ||
|
tomcat6 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Released
(6.0.20-2ubuntu2.3)
|
|
| lucid |
Released
(6.0.24-2ubuntu1.6)
|
|
| maverick |
Released
(6.0.28-2ubuntu1.1)
|
|
| natty |
Not vulnerable
(6.0.28-9)
|
|
| upstream |
Released
(6.0.30)
|
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1037779 (6.x) upstream: http://svn.apache.org/viewvc?view=revision&revision=1037778 (head) |
||