4.3 MEDIUM

CVE-2011-0013

Published: 19/02/2011 Updated: 13/08/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Apache Tomcat contains a vulnerability that could allow an authenticated, remote attacker to conduct cross-site scripting attacks.

The vulnerability is due to improper sanitization of user-supplied input in the HTML Manager component. An authenticated, remote attacker could exploit the vulnerability by convincing a user to view a malicious web application in the administrative interface. If successful, the attacker could execute arbitrary script code in the user's browser session in the security context of the affected site.

Proof-of-concept code that exploits the vulnerability is publicly available.

Apache has confirmed the vulnerability and released updated software.

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Complexity: MEDIUM
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Affected Products

Vendor: Apache
Product: Tomcat
Versions: 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, 5.5.7, 5.5.8, 5.5.9, 5.5.10, 5.5.11, 5.5.12, 5.5.13, 5.5.14, 5.5.15, 5.5.16, 5.5.17, 5.5.18, 5.5.19, 5.5.20, 5.5.21, 5.5.22, 5.5.23, 5.5.24, 5.5.25, 5.5.26, 5.5.27, 5.5.28, 5.5.29, 5.5.30, 5.5.31, 6.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.20, 6.0.24, 6.0.26, 6.0.27, 6.0.28, 6.0.29, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5

Mitigation

Administrators are advised to apply the appropriate updates.

Administrators are advised to restrict application access.

Users are advised to log out of the administrative interface when it is not in use.

Users are advised not to open e-mail messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in e-mail messages are safe, they are advised not to open them.

Administrators are advised to monitor affected systems.

Exploitation

Successful exploitation requires the user to be authenticated to the affected component and hold administrative privileges, decreasing the likelihood of an exploit. In addition, the user must install a web application with a malicious name, further limiting the potential for exploitation.

To exploit the vulnerability, the attacker relies on user interaction. The attacker must convince a user to view a malicious web application in the HTML Manager interface. If successful, the attacker may be able to take actions as the user on the system.
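As an added defender-side example (not from this advisory or the Tomcat project), the Python below checks a Tomcat version string against the first fixed release of each branch named in the summary, and scans deployed web.xml files for display-name values that carry HTML metacharacters, the input this vulnerability rides on. The webapps directory layout and the sample web.xml are assumptions.

```python
"""Defender-side checks for CVE-2011-0013 (constructed example, not Tomcat code)."""
import html
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# First fixed release of each affected branch, taken from the advisory summary.
FIXED_IN = {(5, 5): (5, 5, 32), (6, 0): (6, 0, 30), (7, 0): (7, 0, 6)}

def is_affected(version: str) -> bool:
    """True when a Tomcat version such as '6.0.29' or '6.0' predates its branch's fix."""
    parts = tuple(int(p) for p in version.split("."))
    parts = (parts + (0, 0, 0))[:3]  # '6.0' is listed as affected; treat it as 6.0.0
    fixed = FIXED_IN.get(parts[:2])
    return fixed is not None and parts < fixed

def display_names(web_xml: str) -> list:
    """Every <display-name> text in a web.xml, whether or not the file uses a namespace."""
    root = ET.fromstring(web_xml)
    return [el.text or "" for el in root.iter() if el.tag.rsplit("}", 1)[-1] == "display-name"]

HTML_META = re.compile(r"[<>\"'&]")

def suspicious_display_names(web_xml: str) -> list:
    """Display names carrying HTML metacharacters: the value the Manager rendered unescaped."""
    return [name for name in display_names(web_xml) if HTML_META.search(name)]

def scan_webapps(webapps_dir: Path) -> dict:
    """Map each deployed app's web.xml to its suspicious names; assumes the usual
    <CATALINA_BASE>/webapps/<app>/WEB-INF/web.xml layout (an assumption, not from the advisory)."""
    findings = {}
    for web_xml in sorted(webapps_dir.glob("*/WEB-INF/web.xml")):
        try:
            bad = suspicious_display_names(web_xml.read_text(encoding="utf-8"))
        except ET.ParseError:
            bad = ["(unparseable web.xml)"]
        if bad:
            findings[str(web_xml)] = bad
    return findings

def safe_render(name: str) -> str:
    """The fix in miniature: escape the name before it reaches the Manager's HTML."""
    return html.escape(name, quote=True)

# Constructed sample: a deployment descriptor whose display name embeds markup.
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <display-name>Payroll &lt;b&gt;(test)&lt;/b&gt;</display-name>
</web-app>"""
```

Run `scan_webapps(Path("/path/to/webapps"))` against a live instance to list descriptors whose display names would have been rendered unescaped by an unpatched Manager.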

References

CWE-79
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://marc.info/?l=bugtraq&m=130168502603566&w=2
http://marc.info/?l=bugtraq&m=132215163318824&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/43192
http://secunia.com/advisories/45022
http://secunia.com/advisories/57126
http://securityreason.com/securityalert/8093
http://support.apple.com/kb/HT5002
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_(released_14_Jan_2011)
http://www.debian.org/security/2011/dsa-2160
http://www.mandriva.com/security/advisories?name=MDVSA-2011:030
http://www.redhat.com/support/errata/RHSA-2011-0791.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://www.redhat.com/support/errata/RHSA-2011-1845.html
http://www.securityfocus.com/archive/1/516209/30/90/threaded
http://www.securityfocus.com/bid/46174
http://www.securitytracker.com/id?1025026
http://www.vupen.com/english/advisories/2011/0376
https://bugzilla.redhat.com/show_bug.cgi?id=675786
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269