exploit the possibilities
Showing 1 - 8 of 8 RSS Feed

CVE-2010-4172

Status Candidate

Overview

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

Related Files

HP Security Bulletin HPSBST02955 2
Posted Mar 6, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02955 2 - Potential security vulnerabilities have been identified in 3rd party software used in HP XP P9000 Performance Advisor running Oracle and Apache Tomcat Software. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4172, CVE-2011-0013, CVE-2011-0534, CVE-2011-1184, CVE-2011-2204, CVE-2011-2481, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-5035, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064
MD5 | 89e81c1ac8b82e8cd63e41150737cbd9
HP Security Bulletin HPSBST02955
Posted Feb 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02955 - Potential security vulnerabilities have been identified in 3rd party software used in HP XP P9000 Performance Advisor running Oracle and Apache Tomcat Software. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4172, CVE-2011-0013, CVE-2011-0534, CVE-2011-1184, CVE-2011-2204, CVE-2011-2481, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-5035, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064
MD5 | 2c9338f86cc4928d8dbc40a966e7becf
Gentoo Linux Security Advisory 201206-24
Posted Jun 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-24 - Multiple vulnerabilities were found in Apache Tomcat, the worst of which allowing to read, modify and overwrite arbitrary files. Versions 5.5.34 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4172, CVE-2010-4312, CVE-2011-0013, CVE-2011-0534, CVE-2011-1088, CVE-2011-1183, CVE-2011-1184, CVE-2011-1419, CVE-2011-1475, CVE-2011-1582, CVE-2011-2204, CVE-2011-2481, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-3375, CVE-2011-4858
MD5 | bbfac7a6ad2ab503ae26538e4d3ecc94
Apple Security Advisory 2011-10-12-3
Posted Oct 13, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-12-3 - OS X Lion has a security update available that addresses findings in Apache, a format string vulnerability in the Application Firewall, an arbitrary code execution vulnerability when viewing a malicious font via ATS, and 60+ other issues.

tags | advisory, arbitrary, code execution
systems | apple, osx
advisories | CVE-2009-4022, CVE-2010-0097, CVE-2010-1157, CVE-2010-1634, CVE-2010-2089, CVE-2010-2227, CVE-2010-3436, CVE-2010-3613, CVE-2010-3614, CVE-2010-3718, CVE-2010-4172, CVE-2010-4645, CVE-2011-0013, CVE-2011-0185, CVE-2011-0187, CVE-2011-0224, CVE-2011-0226, CVE-2011-0229, CVE-2011-0230, CVE-2011-0231, CVE-2011-0249, CVE-2011-0250, CVE-2011-0251, CVE-2011-0252, CVE-2011-0259, CVE-2011-0260, CVE-2011-0411, CVE-2011-0419
MD5 | 50a5772c2540863ea47a21c4c5193ca5
Red Hat Security Advisory 2011-0897-01
Posted Jun 24, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0897-01 - JBoss Enterprise Web Server has been updated to mitigate multiple vulnerabilities such as cross site scripting, information leaks, and more.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2010-1157, CVE-2010-1452, CVE-2010-1623, CVE-2010-3718, CVE-2010-4172, CVE-2011-0013, CVE-2011-0419
MD5 | 9de54ad040c8eb936e10d927b269176f
Red Hat Security Advisory 2011-0896-01
Posted Jun 24, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0896-01 - JBoss Enterprise Web Server has been updated to mitigate multiple vulnerabilities such as cross site scripting, information leaks, and more.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2008-7270, CVE-2009-3245, CVE-2009-3560, CVE-2009-3720, CVE-2009-3767, CVE-2010-1157, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-3718, CVE-2010-4172, CVE-2010-4180, CVE-2011-0013, CVE-2011-0419
MD5 | 5e2544d20fad08fc33f74eb54e65a77a
Ubuntu Security Notice USN-1048-1
Posted Jan 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1048-1 - It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2010-4172
MD5 | 654e2f198177969fbc247a4cd4ca89f8
Apache Tomcat Manager Cross Site Scripting
Posted Nov 23, 2010
Authored by Mark Thomas | Site tomcat.apache.org

The session list screen (provided by sessionList.jsp) in affected versions of Apache Tomcat Manager uses the orderBy and sort request parameters without applying filtering and therefore is vulnerable to a cross-site scripting attack. Versions 7.0.0 through 7.0.4 and 6.0.12 through 6.0.29 are affected.

tags | advisory, xss
advisories | CVE-2010-4172
MD5 | 315a8036e67802e9c0704e15dd03fd12
Page 1 of 1
Back1Next

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    1 Files
  • 25
    Jul 25th
    1 Files
  • 26
    Jul 26th
    21 Files
  • 27
    Jul 27th
    8 Files
  • 28
    Jul 28th
    9 Files
  • 29
    Jul 29th
    12 Files
  • 30
    Jul 30th
    9 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close