CVE-2011-0013

Published: 18 February 2011

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Priority

Low

Status

Package Release Status
tomcat5
Launchpad, Ubuntu, Debian
Upstream Needs triage

tomcat5.5
Launchpad, Ubuntu, Debian
Upstream Released (5.5.32)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1057518
Binaries built from this source package are in Universe and so are supported by the community.

tomcat6
Launchpad, Ubuntu, Debian
Upstream Released (6.0.30)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1057270