Exploit the possiblities
Showing 1 - 10 of 10 RSS Feed

CVE-2009-0781

Status Candidate

Overview

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

Related Files

HP Security Bulletin HPSBUX02860 SSRT101146
Posted Apr 1, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02860 SSRT101146 - Potential security vulnerabilities have been identified with HP-UX Apache running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass, unauthorized modification, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4476, CVE-2011-0013, CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-4858, CVE-2012-0022, CVE-2012-5885
MD5 | de5adbf8e77d688a211ab5701c07611d
Gentoo Linux Security Advisory 201206-24
Posted Jun 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-24 - Multiple vulnerabilities were found in Apache Tomcat, the worst of which allowing to read, modify and overwrite arbitrary files. Versions 5.5.34 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4172, CVE-2010-4312, CVE-2011-0013, CVE-2011-0534, CVE-2011-1088, CVE-2011-1183, CVE-2011-1184, CVE-2011-1419, CVE-2011-1475, CVE-2011-1582, CVE-2011-2204, CVE-2011-2481, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-3375, CVE-2011-4858
MD5 | bbfac7a6ad2ab503ae26538e4d3ecc94
HP Security Bulletin HPSBOV02762 SSRT100825
Posted Apr 17, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02762 SSRT100825 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, privilege escalation, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
advisories | CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2009-3555, CVE-2010-1157, CVE-2010-4476, CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190
MD5 | 92bbc76cd42571f4ab7d96f0c2e36a15
Debian Security Advisory 2207-1
Posted Mar 30, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2207-1 - Various vulnerabilities have been discovered in the Tomcat Servlet and JSP engine, resulting in denial of service, cross-site scripting, information disclosure and WAR file traversal.

tags | advisory, denial of service, vulnerability, xss, info disclosure
systems | linux, debian
advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2902, CVE-2010-1157, CVE-2010-2227
MD5 | 6bec4db988045ba080c6c60dbc0997dd
HP Security Bulletin HPSBMA02535 SSRT100029
Posted May 19, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP Performance Manager. The vulnerabilities could be exploited remotely to allow unauthorized access, cross site scripting (XSS), and Denial of Service (DoS).

tags | advisory, denial of service, vulnerability, xss
advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548
MD5 | 8a5f518a33c1ac9f347dcd3fe0375a5e
HP Security Bulletin HPSBUX02466 SSRT090192
Posted Oct 23, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Tomcat-based Servlet Engine is contained in the Apache Web Server Suite.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783
MD5 | 7712102cc4871d06359e668b9b35fd26
Mandriva Linux Security Advisory 2009-163
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-163 - Multiple security vulnerabilities has been identified and fixed in tomcat5. These range from denial of service to cross site scripting issues. The updated packages have been patched to prevent this. Additionally Apache Tomcat has been upgraded to the latest 5.5.27 version for MES5.

tags | advisory, denial of service, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783
MD5 | c82a99d3a3e6f7d510337ab5e982f914
Mandriva Linux Security Advisory 2009-138
Posted Jun 23, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-138 - Multiple security vulnerabilities have been identified and fixed in tomcat5. These problems range from cross site scripting to directory traversal issues. The updated packages have been patched to prevent this. Additionally, Apache Tomcat has been upgraded to the latest 5.5.27 version for 2009.0.

tags | advisory, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783
MD5 | eb749c054c40c8d36705f2fe8e09b456
Ubuntu Security Notice 788-1
Posted Jun 15, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-788-1 - Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. Yoshihito Fukuyama discovered that Tomcat did not properly handle errors when the Java AJP connector and mod_jk load balancing are used. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a temporary denial of service. D. Matscheko and T. Hackner discovered that Tomcat did not properly handle malformed URL encoding of passwords when FORM authentication is used. A remote attacker could exploit this in order to enumerate valid usernames. Deniz Cevik discovered that Tomcat did not properly escape certain parameters in the example calendar application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. Philippe Prados discovered that Tomcat allowed web applications to replace the XML parser used by other web applications. Local users could exploit this to bypass security restrictions and gain access to certain sensitive files.

tags | advisory, java, remote, web, denial of service, local, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783
MD5 | bc1b230d16aa5648a4fdd15ad3fd1766
Apache Tomcat Cross Site Scripting
Posted Mar 6, 2009
Authored by Deniz Cevik | Site tomcat.apache.org

The calendar application for Apache Tomcat contains invalid HTML which renders the cross site scripting protection for the time parameter ineffective. An attacker can therefore perform an cross site scripting attack using the time attribute. Version affected include Tomcat 6.0.0 to 6.0.18, Tomcat 5.5.0 to 5.5.27, and Tomcat 4.1.0 to 4.1.39.

tags | exploit, xss
advisories | CVE-2009-0781
MD5 | 4e4b4059d442851979d1c803c67cdf2f
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close