4.3
CVSSv2

CVE-2011-0013

Published: 19/02/2011 Updated: 25/03/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 prior to 5.5.32, 6.0 prior to 6.0.30, and 7.0 prior to 7.0.6 allow remote malicious users to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Affected Products

Vendor Product Versions
ApacheTomcat5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, 5.5.7, 5.5.8, 5.5.9, 5.5.10, 5.5.11, 5.5.12, 5.5.13, 5.5.14, 5.5.15, 5.5.16, 5.5.17, 5.5.18, 5.5.19, 5.5.20, 5.5.21, 5.5.22, 5.5.23, 5.5.24, 5.5.25, 5.5.26, 5.5.27, 5.5.28, 5.5.29, 5.5.30, 5.5.31, 6.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.20, 6.0.24, 6.0.26, 6.0.27, 6.0.28, 6.0.29, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5

Vendor Advisories

Synopsis Moderate: tomcat5 security update Type/Severity Security Advisory: Moderate Topic Updated tomcat5 packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerabili ...
An attacker could send crafted input to Tomcat and cause it to crash or read and write arbitrary files ...
Several vulnerabilities were discovered in the Tomcat Servlet and JSP engine: CVE-2010-3718 It was discovered that the SecurityManager insufficiently restricted the working directory CVE-2011-0013 It was discovered that the HTML manager interface is affected by cross-site scripting CVE-2011-0534 It was discovered that N ...
IntelligenceCenter uses a version of Tomcat that has several publicly documented vulnerabilities The most severe vulnerability allows an attacker to mount a denial of service attack or to obtain sensitive information by using a specially crafted header ...

Mailing Lists

Apache Tomcat Manager suffers from a cross site scripting vulnerability Versions 700 through 705, 600 through 6029, and 550 through 5531 are affected ...

References

CWE-79http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.htmlhttp://marc.info/?l=bugtraq&m=130168502603566&w=2http://marc.info/?l=bugtraq&m=132215163318824&w=2http://marc.info/?l=bugtraq&m=136485229118404&w=2http://marc.info/?l=bugtraq&m=139344343412337&w=2http://secunia.com/advisories/43192http://secunia.com/advisories/45022http://secunia.com/advisories/57126http://securityreason.com/securityalert/8093http://support.apple.com/kb/HT5002http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.htmlhttp://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_(released_14_Jan_2011)http://www.debian.org/security/2011/dsa-2160http://www.mandriva.com/security/advisories?name=MDVSA-2011:030http://www.redhat.com/support/errata/RHSA-2011-0791.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0896.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0897.htmlhttp://www.redhat.com/support/errata/RHSA-2011-1845.htmlhttp://www.securityfocus.com/archive/1/516209/30/90/threadedhttp://www.securityfocus.com/bid/46174http://www.securitytracker.com/id?1025026http://www.vupen.com/english/advisories/2011/0376https://bugzilla.redhat.com/show_bug.cgi?id=675786https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3Ehttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269https://www.rapid7.com/db/vulnerabilities/apple-osx-tomcat-cve-2011-0013http://tools.cisco.com/security/center/viewAlert.x?alertId=22368https://nvd.nist.govhttps://usn.ubuntu.com/1097-1/