4.3 - CVE-2011-0013

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2011-0013	First vendor Publication	2011-02-18
Vendor	Cve	Last vendor Modification	2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12878

Oval ID:	oval:org.mitre.oval:def:12878
Title:	HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Description:	Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2011-0013	Version:	13
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02645 HP Release B.11.23 AND hpuxws22TOMCAT.TOMCAT version is less than B.5.5.30.04 OR Criteria meets HP Security Bulletin HPSBUX02645 HP-UX B.11.31 AND filesets tests hpuxwsAPACHE.APACHE version is less than B.2.2.15.05 AND hpuxwsAPACHE.APACHE2 version is less than B.2.2.15.05 AND hpuxwsAPACHE.AUTH_LDAP version is less than B.2.2.15.05 AND hpuxwsAPACHE.AUTH_LDAP2 version is less than B.2.2.15.05 AND hpuxwsAPACHE.MOD_JK version is less than B.2.2.15.05 AND hpuxwsAPACHE.MOD_JK2 version is less than B.2.2.15.05 AND hpuxwsAPACHE.MOD_PERL version is less than B.2.2.15.05 AND hpuxwsAPACHE.MOD_PERL2 version is less than B.2.2.15.05 AND hpuxwsAPACHE.PHP version is less than B.2.2.15.05 AND hpuxwsAPACHE.WEBPROXY version is less than B.2.2.15.05 AND hpuxwsAPACHE.PHP2 version is less than B.2.2.15.05 OR Criteria meets HP Security Bulletin HPSBUX02645 HP Release B.11.11 AND hpuxws22TOMCAT.TOMCAT version is less than B.5.5.30.04 OR Criteria meets HP Security Bulletin HPSBUX02645 HP Release B.11.23 AND filesets tests hpuxwsAPCH32.APACHE version is less than B.2.0.64.01 AND hpuxwsAPCH32.APACHE2 version is less than B.2.0.64.01 AND hpuxwsAPCH32.AUTH_LDAP version is less than B.2.0.64.01 AND hpuxwsAPCH32.AUTH_LDAP2 version is less than B.2.0.64.01 AND hpuxwsAPCH32.MOD_JK version is less than B.2.0.64.01 AND hpuxwsAPCH32.MOD_JK2 version is less than B.2.0.64.01 AND hpuxwsAPCH32.MOD_PERL version is less than B.2.0.64.01 AND hpuxwsAPCH32.MOD_PERL2 version is less than B.2.0.64.01 AND hpuxwsAPCH32.PHP version is less than B.2.0.64.01 AND hpuxwsAPCH32.WEBPROXY version is less than B.2.0.64.01 AND hpuxwsAPCH32.PHP2 version is less than B.2.0.64.01 OR Criteria meets HP Security Bulletin HPSBUX02645 HP-UX B.11.31 AND hpuxws22TOMCAT.TOMCAT version is less than B.5.5.30.04 OR Criteria meets HP Security Bulletin HPSBUX02645 HP Release B.11.23 AND hpuxws22TOMCAT.TOMCAT version is less than B.5.5.30.04 OR Criteria meets HP Security Bulletin HPSBUX02645 HP-UX B.11.31 AND hpuxws22TOMCAT.TOMCAT version is less than B.5.5.30.04 OR Criteria meets HP Security Bulletin HPSBUX02645 HP Release B.11.11 AND filesets tests hpuxwsAPACHE.APACHE version is less than B.2.0.64.01 AND hpuxwsAPACHE.APACHE2 version is less than B.2.0.64.01 AND hpuxwsAPACHE.AUTH_LDAP version is less than B.2.0.64.01 AND hpuxwsAPACHE.AUTH_LDAP2 version is less than B.2.0.64.01 AND hpuxwsAPACHE.MOD_JK version is less than B.2.0.64.01 AND hpuxwsAPACHE.MOD_JK2 version is less than B.2.0.64.01 AND hpuxwsAPACHE.MOD_PERL version is less than B.2.0.64.01 AND hpuxwsAPACHE.MOD_PERL2 version is less than B.2.0.64.01 AND hpuxwsAPACHE.WEBPROXY version is less than B.2.0.64.01 AND hpuxwsAPACHE.PHP version is less than B.2.0.64.01 AND hpuxwsAPACHE.PHP2 version is less than B.2.0.64.01 OR Criteria meets HP Security Bulletin HPSBUX02645 HP Release B.11.23 AND filesets tests hpuxwsAPACHE.APACHE version is less than B.2.2.15.05 AND hpuxwsAPACHE.APACHE2 version is less than B.2.2.15.05 AND hpuxwsAPACHE.AUTH_LDAP version is less than B.2.2.15.05 AND hpuxwsAPACHE.AUTH_LDAP2 version is less than B.2.2.15.05 AND hpuxwsAPACHE.MOD_JK version is less than B.2.2.15.05 AND hpuxwsAPACHE.MOD_JK2 version is less than B.2.2.15.05 AND hpuxwsAPACHE.MOD_PERL version is less than B.2.2.15.05 AND hpuxwsAPACHE.MOD_PERL2 version is less than B.2.2.15.05 AND hpuxwsAPACHE.WEBPROXY version is less than B.2.2.15.05 AND hpuxwsAPACHE.PHP version is less than B.2.2.15.05 AND hpuxwsAPACHE.PHP2 version is less than B.2.2.15.05 OR Criteria meets HP Security Bulletin HPSBUX02645 HP-UX B.11.31 AND filesets tests hpuxwsAPCH32.APACHE version is less than B.2.0.64.01 AND hpuxwsAPCH32.APACHE2 version is less than B.2.0.64.01 AND hpuxwsAPCH32.AUTH_LDAP version is less than B.2.0.64.01 AND hpuxwsAPCH32.AUTH_LDAP2 version is less than B.2.0.64.01 AND hpuxwsAPCH32.MOD_JK version is less than B.2.0.64.01 AND hpuxwsAPCH32.MOD_JK2 version is less than B.2.0.64.01 AND hpuxwsAPCH32.MOD_PERL version is less than B.2.0.64.01 AND hpuxwsAPCH32.MOD_PERL2 version is less than B.2.0.64.01 AND hpuxwsAPCH32.WEBPROXY version is less than B.2.0.64.01 AND hpuxwsAPCH32.PHP version is less than B.2.0.64.01 AND hpuxwsAPCH32.PHP2 version is less than B.2.0.64.01

Definition Id: oval:org.mitre.oval:def:14945

Oval ID:	oval:org.mitre.oval:def:14945
Title:	HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description:	Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2011-0013	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP Release B.11.23 AND HP-UX B.11.31 AND hpuxws22TOMCAT.TOMCAT version is less than B.5.5.34.01

Definition Id: oval:org.mitre.oval:def:19269

Oval ID:	oval:org.mitre.oval:def:19269
Title:	HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description:	Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2011-0013	Version:	12
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP Release B.11.23 AND HP-UX B.11.31 AND hpuxws22TOMCAT.TOMCAT version is less than B.5.5.36.01

Definition Id: oval:org.mitre.oval:def:21956

Oval ID:	oval:org.mitre.oval:def:21956
Title:	RHSA-2011:0791: tomcat6 security and bug fix update (Moderate)
Description:	Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family:	unix	Class:	patch
Reference(s):	RHSA-2011:0791-01 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013	Version:	42
Platform(s):	Red Hat Enterprise Linux 6	Product(s):	tomcat6
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section tomcat6-jsp-2.1-api is earlier than 0:6.0.24-33.el6 AND tomcat6-webapps is earlier than 0:6.0.24-33.el6 AND tomcat6-lib is earlier than 0:6.0.24-33.el6 AND tomcat6-docs-webapp is earlier than 0:6.0.24-33.el6 AND tomcat6-javadoc is earlier than 0:6.0.24-33.el6 AND tomcat6-el-2.1-api is earlier than 0:6.0.24-33.el6 AND tomcat6-admin-webapps is earlier than 0:6.0.24-33.el6 AND tomcat6-servlet-2.5-api is earlier than 0:6.0.24-33.el6 AND tomcat6 is earlier than 0:6.0.24-33.el6

Definition Id: oval:org.mitre.oval:def:23523

Oval ID:	oval:org.mitre.oval:def:23523
Title:	ELSA-2011:0791: tomcat6 security and bug fix update (Moderate)
Description:	Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family:	unix	Class:	patch
Reference(s):	ELSA-2011:0791-01 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013	Version:	17
Platform(s):	Oracle Linux 6	Product(s):	tomcat6
Definition Synopsis:
Oracle Linux 6.x rpm test tomcat6-jsp-2.1-api is earlier than 0:6.0.24-33.el6 AND tomcat6-webapps is earlier than 0:6.0.24-33.el6 AND tomcat6-lib is earlier than 0:6.0.24-33.el6 AND tomcat6-docs-webapp is earlier than 0:6.0.24-33.el6 AND tomcat6-javadoc is earlier than 0:6.0.24-33.el6 AND tomcat6-el-2.1-api is earlier than 0:6.0.24-33.el6 AND tomcat6-admin-webapps is earlier than 0:6.0.24-33.el6 AND tomcat6-servlet-2.5-api is earlier than 0:6.0.24-33.el6 AND tomcat6 is earlier than 0:6.0.24-33.el6

Definition Id: oval:org.mitre.oval:def:28146

Oval ID:	oval:org.mitre.oval:def:28146
Title:	DEPRECATED: ELSA-2011-0791 -- tomcat6 security and bug fix update (moderate)
Description:	[6.0.24-33] - resolves: rhbz 695284 - multiple instances logging fiasco [6.0.24-32] - Resolves: rhbz 698624 - inet4address can't be cast to String [6.0.24-31] - Resolves: rhbz 656403 - cve-2010-4172 jsp syntax error [6.0.24-30] - Resolves: rhbz#697504 initscript logging location [6.0.24-29] - Resolves: rhbz#656403, rhbz#675926, rhbz#676011 - CVE-2010-4172, CVE-2010-3718, CVE-2011-0013, CVE-2010-4476, - CVE-2011-0534 [6.0.24-28] - Resovles rhbz#695284 - wrapper logs to different locations - CVE-2010-4172, CVE-2011-0013, CVE-2010-3718 commented out - until needed. [6.0.24-27] - naming-factory-dbcp missing fix in tomcat6.conf - Add Obsoletes for log4j [6.0.24-26] - Add log4j to package lib. Corrected typo in log4 Provides - epock versus epoch [6.0.24-25] - Installed permissions do not allow tomcat to start - incrementing NVR so yum won't get confused with the zstream
Family:	unix	Class:	patch
Reference(s):	ELSA-2011-0791 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	tomcat6
Definition Synopsis:
Oracle Linux 6.x Packages match section tomcat6 is earlier than 0:6.0.24-33.el6 AND tomcat6-admin-webapps is earlier than 0:6.0.24-33.el6 AND tomcat6-docs-webapp is earlier than 0:6.0.24-33.el6 AND tomcat6-el-2.1-api is earlier than 0:6.0.24-33.el6 AND tomcat6-javadoc is earlier than 0:6.0.24-33.el6 AND tomcat6-jsp-2.1-api is earlier than 0:6.0.24-33.el6 AND tomcat6-lib is earlier than 0:6.0.24-33.el6 AND tomcat6-servlet-2.5-api is earlier than 0:6.0.24-33.el6 AND tomcat6-webapps is earlier than 0:6.0.24-33.el6

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apache Tomcat cpe:2.3:a:apache:tomcat:7.0.5:::::::* cpe:2.3:a:apache:tomcat:7.0.4:::::::* cpe:2.3:a:apache:tomcat:7.0.3:::::::* cpe:2.3:a:apache:tomcat:7.0.2:::::::* cpe:2.3:a:apache:tomcat:7.0.1:::::::* cpe:2.3:a:apache:tomcat:7.0.0:::::::* cpe:2.3:a:apache:tomcat:6.0.9:::::::* cpe:2.3:a:apache:tomcat:6.0.8:::::::* cpe:2.3:a:apache:tomcat:6.0.7:::::::* cpe:2.3:a:apache:tomcat:6.0.6:::::::* cpe:2.3:a:apache:tomcat:6.0.5:::::::* cpe:2.3:a:apache:tomcat:6.0.4:::::::* cpe:2.3:a:apache:tomcat:6.0.3:::::::* cpe:2.3:a:apache:tomcat:6.0.29:::::::* cpe:2.3:a:apache:tomcat:6.0.28:::::::* cpe:2.3:a:apache:tomcat:6.0.27:::::::* cpe:2.3:a:apache:tomcat:6.0.26:::::::* cpe:2.3:a:apache:tomcat:6.0.24:::::::* cpe:2.3:a:apache:tomcat:6.0.20:::::::* cpe:2.3:a:apache:tomcat:6.0.2:::::::* cpe:2.3:a:apache:tomcat:6.0.19:::::::* cpe:2.3:a:apache:tomcat:6.0.18:::::::* cpe:2.3:a:apache:tomcat:6.0.17:::::::* cpe:2.3:a:apache:tomcat:6.0.16:::::::* cpe:2.3:a:apache:tomcat:6.0.15:::::::* cpe:2.3:a:apache:tomcat:6.0.14:::::::* cpe:2.3:a:apache:tomcat:6.0.13:::::::* cpe:2.3:a:apache:tomcat:6.0.12:::::::* cpe:2.3:a:apache:tomcat:6.0.11:::::::* cpe:2.3:a:apache:tomcat:6.0.10:::::::* cpe:2.3:a:apache:tomcat:6.0.1:::::::* cpe:2.3:a:apache:tomcat:6.0.0:::::::* cpe:2.3:a:apache:tomcat:6.0:::::::* cpe:2.3:a:apache:tomcat:5.5.9:::::::* cpe:2.3:a:apache:tomcat:5.5.8:::::::* cpe:2.3:a:apache:tomcat:5.5.7:::::::* cpe:2.3:a:apache:tomcat:5.5.6:::::::* cpe:2.3:a:apache:tomcat:5.5.5:::::::* cpe:2.3:a:apache:tomcat:5.5.4:::::::* cpe:2.3:a:apache:tomcat:5.5.31:::::::* cpe:2.3:a:apache:tomcat:5.5.30:::::::* cpe:2.3:a:apache:tomcat:5.5.3:::::::* cpe:2.3:a:apache:tomcat:5.5.29:::::::* cpe:2.3:a:apache:tomcat:5.5.28:::::::* cpe:2.3:a:apache:tomcat:5.5.27:::::::* cpe:2.3:a:apache:tomcat:5.5.26:::::::* cpe:2.3:a:apache:tomcat:5.5.25:::::::* cpe:2.3:a:apache:tomcat:5.5.24:::::::* cpe:2.3:a:apache:tomcat:5.5.23:::::::* cpe:2.3:a:apache:tomcat:5.5.22:::::::* cpe:2.3:a:apache:tomcat:5.5.21:::::::* cpe:2.3:a:apache:tomcat:5.5.20:::::::* cpe:2.3:a:apache:tomcat:5.5.2:::::::* cpe:2.3:a:apache:tomcat:5.5.19:::::::* cpe:2.3:a:apache:tomcat:5.5.18:::::::* cpe:2.3:a:apache:tomcat:5.5.17:::::::* cpe:2.3:a:apache:tomcat:5.5.16:::::::* cpe:2.3:a:apache:tomcat:5.5.15:::::::* cpe:2.3:a:apache:tomcat:5.5.14:::::::* cpe:2.3:a:apache:tomcat:5.5.13:::::::* cpe:2.3:a:apache:tomcat:5.5.12:::::::* cpe:2.3:a:apache:tomcat:5.5.11:::::::* cpe:2.3:a:apache:tomcat:5.5.10:::::::* cpe:2.3:a:apache:tomcat:5.5.1:::::::* cpe:2.3:a:apache:tomcat:5.5.0:::::::*	65

OpenVAS Exploits

Date	Description
2012-08-10	Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat) File : nvt/glsa_201206_24.nasl
2012-07-30	Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64 File : nvt/gb_CESA-2011_1845_tomcat5_centos5_x86_64.nasl
2012-06-06	Name : RedHat Update for tomcat6 RHSA-2011:0791-01 File : nvt/gb_RHSA-2011_0791-01_tomcat6.nasl
2011-12-23	Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 i386 File : nvt/gb_CESA-2011_1845_tomcat5_centos5_i386.nasl
2011-12-23	Name : RedHat Update for tomcat5 RHSA-2011:1845-01 File : nvt/gb_RHSA-2011_1845-01_tomcat5.nasl
2011-10-21	Name : Fedora Update for tomcat6 FEDORA-2011-13457 File : nvt/gb_fedora_2011_13457_tomcat6_fc14.nasl
2011-10-20	Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006) File : nvt/gb_macosx_su11-006.nasl
2011-05-05	Name : HP-UX Update for Apache Web Server HPSBUX02645 File : nvt/gb_hp_ux_HPSBUX02645.nasl
2011-04-01	Name : Ubuntu Update for tomcat6 vulnerabilities USN-1097-1 File : nvt/gb_ubuntu_USN_1097_1.nasl
2011-03-07	Name : Debian Security Advisory DSA 2160-1 (tomcat6) File : nvt/deb_2160_1.nasl
2011-03-05	Name : FreeBSD Ports: tomcat55 File : nvt/freebsd_tomcat55.nasl
2011-02-22	Name : Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5) File : nvt/gb_mandriva_MDVSA_2011_030.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
71557	Apache Tomcat HTML Manager Multiple XSS The HTML Manager Interface in Apache Tomcat contains multiple flaws that allow a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input related to the display-name tag before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Description

71557

Apache Tomcat HTML Manager Multiple XSS

The HTML Manager Interface in Apache Tomcat contains multiple flaws that allow a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input related to the display-name tag before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Nessus® Vulnerability Scanner

Date	Description
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_tomcat6-110211.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1845.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110519_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111220_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-06-25	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-24.nasl - Type : ACT_GATHER_INFO
2011-12-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO
2011-12-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO
2011-10-21	Name : The remote Fedora host is missing a security update. File : fedora_2011-13457.nasl - Type : ACT_GATHER_INFO
2011-10-13	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO
2011-05-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0791.nasl - Type : ACT_GATHER_INFO
2011-05-05	Name : The remote openSUSE host is missing a security update. File : suse_11_2_tomcat6-110211.nasl - Type : ACT_GATHER_INFO
2011-03-30	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1097-1.nasl - Type : ACT_GATHER_INFO
2011-03-18	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12687.nasl - Type : ACT_GATHER_INFO
2011-03-03	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7337.nasl - Type : ACT_GATHER_INFO
2011-02-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-030.nasl - Type : ACT_GATHER_INFO
2011-02-16	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_553ec4ed38d611e094b1000c29ba66d2.nasl - Type : ACT_GATHER_INFO
2011-02-14	Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_6_0_30.nasl - Type : ACT_GATHER_INFO
2011-02-14	Name : The remote web server is affected by a cross-site scripting vulnerability. File : tomcat_7_0_6.nasl - Type : ACT_GATHER_INFO
2011-02-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2160.nasl - Type : ACT_GATHER_INFO
2011-02-11	Name : The remote web server is affected by a cross-site scripting vulnerability. File : tomcat_5_5_32.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BID	http://www.securityfocus.com/bid/46174
BUGTRAQ	http://www.securityfocus.com/archive/1/516209/30/90/threaded
CONFIRM	http://support.apple.com/kb/HT5002 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_50985... http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32 http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30
DEBIAN	http://www.debian.org/security/2011/dsa-2160
HP	http://marc.info/?l=bugtraq&m=130168502603566&w=2 http://marc.info/?l=bugtraq&m=132215163318824&w=2 http://marc.info/?l=bugtraq&m=136485229118404&w=2 http://marc.info/?l=bugtraq&m=139344343412337&w=2
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2011:030
MISC	http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28rele... https://bugzilla.redhat.com/show_bug.cgi?id=675786 https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efb... https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c8... https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471... https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca45...
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT	http://www.redhat.com/support/errata/RHSA-2011-0791.html http://www.redhat.com/support/errata/RHSA-2011-0896.html http://www.redhat.com/support/errata/RHSA-2011-0897.html http://www.redhat.com/support/errata/RHSA-2011-1845.html
SECTRACK	http://www.securitytracker.com/id?1025026
SECUNIA	http://secunia.com/advisories/43192 http://secunia.com/advisories/45022 http://secunia.com/advisories/57126
SREASON	http://securityreason.com/securityalert/8093
SUSE	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
VUPEN	http://www.vupen.com/english/advisories/2011/0376

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-02-13 09:29:00	Multiple Updates
2023-02-02 17:28:12	Multiple Updates
2021-05-04 12:13:43	Multiple Updates
2021-04-22 01:14:52	Multiple Updates
2020-05-23 00:27:29	Multiple Updates
2019-03-25 17:18:57	Multiple Updates
2019-03-21 21:19:09	Multiple Updates
2019-03-19 12:03:58	Multiple Updates
2018-08-14 00:19:29	Multiple Updates
2017-09-19 09:24:07	Multiple Updates
2016-08-23 09:24:41	Multiple Updates
2016-04-26 20:26:49	Multiple Updates
2014-06-14 13:29:59	Multiple Updates
2014-03-18 13:22:00	Multiple Updates
2014-03-08 13:21:39	Multiple Updates
2014-02-17 10:59:14	Multiple Updates
2014-02-12 13:22:06	Multiple Updates
2013-12-05 17:19:06	Multiple Updates
2013-11-15 13:19:50	Multiple Updates
2013-06-05 13:19:30	Multiple Updates
2013-05-10 22:51:39	Multiple Updates
2012-11-07 05:19:57	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	6
CPE ID(s)	65
Sources(s)	33
osvdb(s)	1
Openvas Exploit(s)	12
Nessus® Exploit(s)	20

	Related
7.5	HPSBUX02860 SSR...
7.5	HPSBUX02725 SSR...
7.5	GLSA-201206-24
5	USN-1097-1
5	RHSA-2011:1845
5	HPSBUX02645 SSR...
5	DSA-2160
4.3	RHSA-2011:0791
4.3	MDVSA-2011:030
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 9 more Alert(s)