Description
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Remediation
References
http://www.securityfocus.com/archive/1/516209/30/90/threaded
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30
https://bugzilla.redhat.com/show_bug.cgi?id=675786
http://www.securityfocus.com/bid/46174
http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32
http://www.securitytracker.com/id?1025026
http://www.vupen.com/english/advisories/2011/0376
http://www.debian.org/security/2011/dsa-2160
http://www.mandriva.com/security/advisories?name=MDVSA-2011:030
http://secunia.com/advisories/43192
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0791.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://securityreason.com/securityalert/8093
http://support.apple.com/kb/HT5002
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://secunia.com/advisories/45022
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
http://www.redhat.com/support/errata/RHSA-2011-1845.html
http://marc.info/?l=bugtraq&m=132215163318824&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/57126
http://marc.info/?l=bugtraq&m=130168502603566&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29
Related Vulnerabilities
CVE-2015-10005 Vulnerability in npm package markdown-it
CVE-2020-7780 Vulnerability in maven package com.softwaremill.akka-http-session:core_2.12
CVE-2023-34467 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livetable-ui
CVE-2021-3780 Vulnerability in npm package peertube
CVE-2016-8739 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-extension-providers