CVE-2011-0013 — Cross-site Scripting in Apache Tomcat

CWE-79 — Cross-site Scripting11 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

25.8%

top 3.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat

Timeline

PublishedFeb 19

Latest updateMay 3

Description

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/tomcat65 versions+64

Patches

Patch: tomcat.apache.org ↗Patch: tomcat.apache.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

Improper Neutralization of Input During Web Page Generation in Apache Tomcat↗2022-05-03

▶

OSV

Improper Neutralization of Input During Web Page Generation in Apache Tomcat↗2022-05-03

▶

CVEList

CVE-2011-0013: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5↗2011-02-18

▶

📋Vendor Advisories

Red Hat

libvirt: unintended firewall port exposure after restarting libvirtd when defining a bridged forward-mode network↗2011-12-09

▶

Ubuntu

Tomcat vulnerabilities↗2011-03-29

▶

Red Hat

tomcat: XSS vulnerability in HTML Manager interface↗2011-01-11

▶

💬Community

Bugzilla

CVE-2011-4288 CVE-2011-4290 moodle: several flaws fixed in 1.9.12↗2011-05-19

▶

Bugzilla

CVE-2011-0013 CVE-2010-3718 CVE-2011-0534 tomcat6 various flaws [fedora-all]↗2011-02-07

▶

Bugzilla

CVE-2011-0013 CVE-2010-3718 tomcat5 various flaws [fedora-all]↗2011-02-07

▶

Bugzilla

CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface↗2011-02-07

▶