CVSS v2 Base Score: 4.3 (MEDIUM)

CVE-2009-0781

Published: 09/03/2009 Updated: 10/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Complexity: MEDIUM
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Affected Products

Vendor: Apache
Product: Tomcat
Versions: 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.11, 4.1.12, 4.1.13, 4.1.14, 4.1.15, 4.1.16, 4.1.17, 4.1.18, 4.1.19, 4.1.20, 4.1.21, 4.1.22, 4.1.23, 4.1.24, 4.1.25, 4.1.26, 4.1.27, 4.1.28, 4.1.29, 4.1.30, 4.1.31, 4.1.32, 4.1.33, 4.1.34, 4.1.35, 4.1.36, 4.1.37, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, 5.5.7, 5.5.8, 5.5.9, 5.5.10, 5.5.11, 5.5.12, 5.5.13, 5.5.14, 5.5.15, 5.5.16, 5.5.17, 5.5.18, 5.5.19, 5.5.20, 5.5.21, 5.5.22, 5.5.23, 5.5.24, 5.5.25, 5.5.26, 6.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16

References

Weakness: CWE-79

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://marc.info/?l=bugtraq&m=127420533226623&w=2
http://marc.info/?l=bugtraq&m=129070310906557&w=2
http://marc.info/?l=bugtraq&m=133469267822771&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://secunia.com/advisories/35685
http://secunia.com/advisories/35788
http://secunia.com/advisories/37460
http://secunia.com/advisories/42368
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
http://support.apple.com/kb/HT4077
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.debian.org/security/2011/dsa-2207
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
http://www.securityfocus.com/archive/1/501538/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/1856
http://www.vupen.com/english/advisories/2009/3316
http://www.vupen.com/english/advisories/2010/3056
https://exchange.xforce.ibmcloud.com/vulnerabilities/49213
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html