4.3
MEDIUM

CVE-2010-4172

Published: 26/11/2010 Updated: 10/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

Vulnerability Summary

OS X security update 2011-006 for Tomcat (CVE-2010-4172)

It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain.

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

It was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system. (CVE-2010-3718)

A cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Tomcat. If a remote attacker could trick a user who is logged into the Manager application into visiting a specially-crafted URL, the attacker could perform Manager application tasks with the privileges of the logged in user. (CVE-2010-4172)

A second cross-site scripting (XSS) flaw was found in the Manager application. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013)

This update also fixes the following bugs:

Users of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Complexity: MEDIUM
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Affected Products

Vendor | Product | Versions
Apache | Tomcat | 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.20, 6.0.24, 6.0.26, 6.0.27, 6.0.28, 6.0.29, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4

Vendor Advisories

It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote atta ...

Exploits

source: www.securityfocus.com/bid/45015/info

Apache Tomcat is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the a ...

References