github - ghsa-c78g-qwpw-2jgv

ghsa-c78g-qwpw-2jgv

Vulnerability from github

Published

2022-05-14 02:42

Modified

2024-03-05 19:11

Summary

Improper Neutralization of Input During Web Page Generation in Apache Tomcat

Details

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.12"
            },
            {
              "last_affected": "6.0.29"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2010-4172"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-08T18:47:13Z",
    "nvd_published_at": "2010-11-26T20:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.",
  "id": "GHSA-c78g-qwpw-2jgv",
  "modified": "2024-03-05T19:11:30Z",
  "published": "2022-05-14T02:42:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4172"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/5971f9392edc6d70808b2599b062b050fcd11d23"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=656246"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "https://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.5"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/support/errata/RHSA-2011-0896.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/support/errata/RHSA-2011-0897.html"
    },
    {
      "type": "WEB",
      "url": "https://www.securityfocus.com/archive/1/514866/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "https://www.ubuntu.com/usn/USN-1048-1"
    },
    {
      "type": "WEB",
      "url": "https://www.vupen.com/english/advisories/2010/3047"
    },
    {
      "type": "WEB",
      "url": "https://www.vupen.com/english/advisories/2011/0203"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Improper Neutralization of Input During Web Page Generation  in Apache Tomcat"
}

cve-2010-4172

Vulnerability from cvelistv5

Published

2010-11-26 19:00

Modified

2024-08-07 03:34

Severity

Summary

References

URL	Tags
http://www.ubuntu.com/usn/USN-1048-1	vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/42337	third-party-advisory, x_refsource_SECUNIA
http://svn.apache.org/viewvc?view=revision&revision=1037778	x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/514866/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/45022	third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/63422	vdb-entry, x_refsource_XF
http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=656246	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/3047	vdb-entry, x_refsource_VUPEN
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html	vendor-advisory, x_refsource_APPLE
http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0285.html	mailing-list, x_refsource_FULLDISC
http://www.redhat.com/support/errata/RHSA-2011-0897.html	vendor-advisory, x_refsource_REDHAT
http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
http://secunia.com/advisories/57126	third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2011-0791.html	vendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2011/0203	vdb-entry, x_refsource_VUPEN
http://securitytracker.com/id?1024764	vdb-entry, x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2011-0896.html	vendor-advisory, x_refsource_REDHAT
http://support.apple.com/kb/HT5002	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=139344343412337&w=2	vendor-advisory, x_refsource_HP
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html	x_refsource_CONFIRM
http://secunia.com/advisories/43019	third-party-advisory, x_refsource_SECUNIA
http://svn.apache.org/viewvc?view=revision&revision=1037779	x_refsource_CONFIRM
http://www.securityfocus.com/bid/45015	vdb-entry, x_refsource_BID

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website