Showing 1 - 8 of 8

CVE-2010-4172

Status Candidate

Overview

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

Related Files

HP Security Bulletin HPSBST02955 2: Posted Mar 6, 2014; Authored by HP | Site hp.com; HP Security Bulletin HPSBST02955 2 - Potential security vulnerabilities have been identified in 3rd party software used in HP XP P9000 Performance Advisor running Oracle and Apache Tomcat Software. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. Revision 2 of this advisory.; tags | advisory, vulnerability; advisories | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4172, CVE-2011-0013, CVE-2011-0534, CVE-2011-1184, CVE-2011-2204, CVE-2011-2481, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-5035, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064; MD5 | 89e81c1ac8b82e8cd63e41150737cbd9; Download | Favorite | View

HP Security Bulletin HPSBST02955: Posted Feb 26, 2014; Authored by HP | Site hp.com; HP Security Bulletin HPSBST02955 - Potential security vulnerabilities have been identified in 3rd party software used in HP XP P9000 Performance Advisor running Oracle and Apache Tomcat Software. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. Revision 1 of this advisory.; tags | advisory, vulnerability; advisories | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4172, CVE-2011-0013, CVE-2011-0534, CVE-2011-1184, CVE-2011-2204, CVE-2011-2481, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-5035, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064; MD5 | 2c9338f86cc4928d8dbc40a966e7becf; Download | Favorite | View

Gentoo Linux Security Advisory 201206-24: Posted Jun 24, 2012; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201206-24 - Multiple vulnerabilities were found in Apache Tomcat, the worst of which allowing to read, modify and overwrite arbitrary files. Versions 5.5.34 are affected.; tags | advisory, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4172, CVE-2010-4312, CVE-2011-0013, CVE-2011-0534, CVE-2011-1088, CVE-2011-1183, CVE-2011-1184, CVE-2011-1419, CVE-2011-1475, CVE-2011-1582, CVE-2011-2204, CVE-2011-2481, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-3375, CVE-2011-4858; MD5 | bbfac7a6ad2ab503ae26538e4d3ecc94; Download | Favorite | View

Apple Security Advisory 2011-10-12-3: Posted Oct 13, 2011; Authored by Apple | Site apple.com; Apple Security Advisory 2011-10-12-3 - OS X Lion has a security update available that addresses findings in Apache, a format string vulnerability in the Application Firewall, an arbitrary code execution vulnerability when viewing a malicious font via ATS, and 60+ other issues.; tags | advisory, arbitrary, code execution; systems | apple, osx; advisories | CVE-2009-4022, CVE-2010-0097, CVE-2010-1157, CVE-2010-1634, CVE-2010-2089, CVE-2010-2227, CVE-2010-3436, CVE-2010-3613, CVE-2010-3614, CVE-2010-3718, CVE-2010-4172, CVE-2010-4645, CVE-2011-0013, CVE-2011-0185, CVE-2011-0187, CVE-2011-0224, CVE-2011-0226, CVE-2011-0229, CVE-2011-0230, CVE-2011-0231, CVE-2011-0249, CVE-2011-0250, CVE-2011-0251, CVE-2011-0252, CVE-2011-0259, CVE-2011-0260, CVE-2011-0411, CVE-2011-0419; MD5 | 50a5772c2540863ea47a21c4c5193ca5; Download | Favorite | View

Red Hat Security Advisory 2011-0897-01: Posted Jun 24, 2011; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2011-0897-01 - JBoss Enterprise Web Server has been updated to mitigate multiple vulnerabilities such as cross site scripting, information leaks, and more.; tags | advisory, web, vulnerability, xss; systems | linux, redhat; advisories | CVE-2010-1157, CVE-2010-1452, CVE-2010-1623, CVE-2010-3718, CVE-2010-4172, CVE-2011-0013, CVE-2011-0419; MD5 | 9de54ad040c8eb936e10d927b269176f; Download | Favorite | View

Red Hat Security Advisory 2011-0896-01: Posted Jun 24, 2011; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2011-0896-01 - JBoss Enterprise Web Server has been updated to mitigate multiple vulnerabilities such as cross site scripting, information leaks, and more.; tags | advisory, web, vulnerability, xss; systems | linux, redhat; advisories | CVE-2008-7270, CVE-2009-3245, CVE-2009-3560, CVE-2009-3720, CVE-2009-3767, CVE-2010-1157, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-3718, CVE-2010-4172, CVE-2010-4180, CVE-2011-0013, CVE-2011-0419; MD5 | 5e2544d20fad08fc33f74eb54e65a77a; Download | Favorite | View

Ubuntu Security Notice USN-1048-1: Posted Jan 25, 2011; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1048-1 - It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain.; tags | advisory, remote, vulnerability, xss; systems | linux, ubuntu; advisories | CVE-2010-4172; MD5 | 654e2f198177969fbc247a4cd4ca89f8; Download | Favorite | View

Apache Tomcat Manager Cross Site Scripting: Posted Nov 23, 2010; Authored by Mark Thomas | Site tomcat.apache.org; The session list screen (provided by sessionList.jsp) in affected versions of Apache Tomcat Manager uses the orderBy and sort request parameters without applying filtering and therefore is vulnerable to a cross-site scripting attack. Versions 7.0.0 through 7.0.4 and 6.0.12 through 6.0.29 are affected.; tags | advisory, xss; advisories | CVE-2010-4172; MD5 | 315a8036e67802e9c0704e15dd03fd12; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 204 files
Ubuntu 47 files
malvuln 44 files
Gentoo 38 files
Geovanni Ruiz 11 files
Ron Jost 9 files
Google Security Research 8 files
Apple 8 files
Brian Rodriguez 7 files
Jim Becher 7 files

File Archives

Systems

AIX (421)
Apple (1,804)
BSD (368)
CentOS (53)
Cisco (1,906)
Debian (5,945)
Fedora (1,688)
FreeBSD (1,241)
Gentoo (4,093)
HPUX (873)
iOS (294)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (40,158)
Mac OS X (678)
Mandriva (3,105)
NetBSD (255)
OpenBSD (474)
RedHat (10,160)
Slackware (941)
Solaris (1,598)
SUSE (1,444)
Ubuntu (7,291)
UNIX (8,911)
UnixWare (180)
Windows (5,991)
Other

CVE-2010-4172

Overview

Related Files

File Archive:

June 2021

Top Authors In Last 30 Days

File Tags

File Archives

Systems