Showing 1 - 8 of 8

CVE-2010-4172

Status Candidate

Overview

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

Related Files

HP Security Bulletin HPSBST02955 2: Posted Mar 6, 2014; Authored by HP | Site hp.com; HP Security Bulletin HPSBST02955 2 - Potential security vulnerabilities have been identified in 3rd party software used in HP XP P9000 Performance Advisor running Oracle and Apache Tomcat Software. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. Revision 2 of this advisory.; tags | advisory, vulnerability; advisories | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4172, CVE-2011-0013, CVE-2011-0534, CVE-2011-1184, CVE-2011-2204, CVE-2011-2481, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-5035, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064; MD5 | 89e81c1ac8b82e8cd63e41150737cbd9; Download | Favorite | Comments (0)

HP Security Bulletin HPSBST02955: Posted Feb 26, 2014; Authored by HP | Site hp.com; HP Security Bulletin HPSBST02955 - Potential security vulnerabilities have been identified in 3rd party software used in HP XP P9000 Performance Advisor running Oracle and Apache Tomcat Software. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. Revision 1 of this advisory.; tags | advisory, vulnerability; advisories | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4172, CVE-2011-0013, CVE-2011-0534, CVE-2011-1184, CVE-2011-2204, CVE-2011-2481, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-5035, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064; MD5 | 2c9338f86cc4928d8dbc40a966e7becf; Download | Favorite | Comments (0)

Gentoo Linux Security Advisory 201206-24: Posted Jun 24, 2012; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201206-24 - Multiple vulnerabilities were found in Apache Tomcat, the worst of which allowing to read, modify and overwrite arbitrary files. Versions 5.5.34 are affected.; tags | advisory, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4172, CVE-2010-4312, CVE-2011-0013, CVE-2011-0534, CVE-2011-1088, CVE-2011-1183, CVE-2011-1184, CVE-2011-1419, CVE-2011-1475, CVE-2011-1582, CVE-2011-2204, CVE-2011-2481, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-3375, CVE-2011-4858; MD5 | bbfac7a6ad2ab503ae26538e4d3ecc94; Download | Favorite | Comments (0)

Apple Security Advisory 2011-10-12-3: Posted Oct 13, 2011; Authored by Apple | Site apple.com; Apple Security Advisory 2011-10-12-3 - OS X Lion has a security update available that addresses findings in Apache, a format string vulnerability in the Application Firewall, an arbitrary code execution vulnerability when viewing a malicious font via ATS, and 60+ other issues.; tags | advisory, arbitrary, code execution; systems | apple, osx; advisories | CVE-2009-4022, CVE-2010-0097, CVE-2010-1157, CVE-2010-1634, CVE-2010-2089, CVE-2010-2227, CVE-2010-3436, CVE-2010-3613, CVE-2010-3614, CVE-2010-3718, CVE-2010-4172, CVE-2010-4645, CVE-2011-0013, CVE-2011-0185, CVE-2011-0187, CVE-2011-0224, CVE-2011-0226, CVE-2011-0229, CVE-2011-0230, CVE-2011-0231, CVE-2011-0249, CVE-2011-0250, CVE-2011-0251, CVE-2011-0252, CVE-2011-0259, CVE-2011-0260, CVE-2011-0411, CVE-2011-0419; MD5 | 50a5772c2540863ea47a21c4c5193ca5; Download | Favorite | Comments (0)

Red Hat Security Advisory 2011-0897-01: Posted Jun 24, 2011; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2011-0897-01 - JBoss Enterprise Web Server has been updated to mitigate multiple vulnerabilities such as cross site scripting, information leaks, and more.; tags | advisory, web, vulnerability, xss; systems | linux, redhat; advisories | CVE-2010-1157, CVE-2010-1452, CVE-2010-1623, CVE-2010-3718, CVE-2010-4172, CVE-2011-0013, CVE-2011-0419; MD5 | 9de54ad040c8eb936e10d927b269176f; Download | Favorite | Comments (0)

Red Hat Security Advisory 2011-0896-01: Posted Jun 24, 2011; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2011-0896-01 - JBoss Enterprise Web Server has been updated to mitigate multiple vulnerabilities such as cross site scripting, information leaks, and more.; tags | advisory, web, vulnerability, xss; systems | linux, redhat; advisories | CVE-2008-7270, CVE-2009-3245, CVE-2009-3560, CVE-2009-3720, CVE-2009-3767, CVE-2010-1157, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-3718, CVE-2010-4172, CVE-2010-4180, CVE-2011-0013, CVE-2011-0419; MD5 | 5e2544d20fad08fc33f74eb54e65a77a; Download | Favorite | Comments (0)

Ubuntu Security Notice USN-1048-1: Posted Jan 25, 2011; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1048-1 - It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain.; tags | advisory, remote, vulnerability, xss; systems | linux, ubuntu; advisories | CVE-2010-4172; MD5 | 654e2f198177969fbc247a4cd4ca89f8; Download | Favorite | Comments (0)

Apache Tomcat Manager Cross Site Scripting: Posted Nov 23, 2010; Authored by Mark Thomas | Site tomcat.apache.org; The session list screen (provided by sessionList.jsp) in affected versions of Apache Tomcat Manager uses the orderBy and sort request parameters without applying filtering and therefore is vulnerable to a cross-site scripting attack. Versions 7.0.0 through 7.0.4 and 6.0.12 through 6.0.29 are affected.; tags | advisory, xss; advisories | CVE-2010-4172; MD5 | 315a8036e67802e9c0704e15dd03fd12; Download | Favorite | Comments (0)

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 96 files
Ubuntu 57 files
Debian 19 files
ZwX 11 files
Apple 7 files
hyp3rlinx 6 files
Google Security Research 6 files
Luis Martinez 5 files
sajjadbnd 5 files
LiquidWorm 5 files

File Archives

Systems

AIX (416)
Apple (1,694)
BSD (360)
Cisco (1,878)
Debian (5,894)
Fedora (1,686)
FreeBSD (1,234)
Gentoo (3,733)
HPUX (870)
iOS (227)
iPhone (107)
IRIX (220)
Juniper (67)
Linux (36,556)
Mac OS X (659)
Mandriva (3,105)
NetBSD (255)
OpenBSD (464)
RedHat (7,921)
Slackware (928)
Solaris (1,584)
SUSE (1,444)
Ubuntu (6,472)
UNIX (8,562)
UnixWare (177)
Windows (5,569)
Other

CVE-2010-4172

Overview

Related Files

File Archive:

December 2019

Top Authors In Last 30 Days

File Tags

File Archives

Systems