CVE-2010-4172 - Vulnerability Details

- tomcat: cross-site-scripting vulnerability in the manager application

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

Published: 2010-11-26

Score: 4.3 Medium

EPSS: 11.9% Moderate

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:apache:tomcat:6.0.12:::::::*
	cpe:2.3:a:apache:tomcat:6.0.13:::::::*
	cpe:2.3:a:apache:tomcat:6.0.14:::::::*
	cpe:2.3:a:apache:tomcat:6.0.15:::::::*
	cpe:2.3:a:apache:tomcat:6.0.16:::::::*
	cpe:2.3:a:apache:tomcat:6.0.17:::::::*
	cpe:2.3:a:apache:tomcat:6.0.18:::::::*
	cpe:2.3:a:apache:tomcat:6.0.19:::::::*
	cpe:2.3:a:apache:tomcat:6.0.20:::::::*
	cpe:2.3:a:apache:tomcat:6.0.24:::::::*
	cpe:2.3:a:apache:tomcat:6.0.26:::::::*
	cpe:2.3:a:apache:tomcat:6.0.27:::::::*
	cpe:2.3:a:apache:tomcat:6.0.28:::::::*
	cpe:2.3:a:apache:tomcat:6.0.29:::::::*
	cpe:2.3:a:apache:tomcat:7.0.0:::::::*
	cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
	cpe:2.3:a:apache:tomcat:7.0.1:::::::*
	cpe:2.3:a:apache:tomcat:7.0.2:::::::*
	cpe:2.3:a:apache:tomcat:7.0.3:::::::*
	cpe:2.3:a:apache:tomcat:7.0.4:::::::*

Package	CPE	Advisory	Released Date
JBEWS 1.0 for RHEL 4
ant-0:1.7.1-13.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
antlr-0:2.7.7-7.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
bcel-0:5.2-8.1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
cglib-0:2.2-5.1.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
dom4j-0:1.6.1-11.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
ecj-1:3.3.1.1-3.2.2.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
glassfish-jaf-0:1.1.0-6.1.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
glassfish-javamail-0:1.4.2-0.4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
glassfish-jsf-0:1.2_13-2.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-1:3.3.2-1.5.GA_CP04.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-annotations-0:3.4.0-3.3.GA_CP04.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-commons-annotations-0:3.1.0-1.8.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-ejb-persistence-3.0-api-1:1.0.2-3.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-entitymanager-0:3.4.0-4.3.GA_CP04.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
httpd22-0:2.2.17-14.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-beanutils-0:1.8.0-4.1.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-chain-0:1.2-2.2.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-codec-0:1.3-9.1.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-collections-0:3.2.1-4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-daemon-1:1.0.5-1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-daemon-jsvc-1:1.0.5-1.4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-dbcp-0:1.2.1-16.4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-digester-0:1.8.1-8.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-el-0:1.0-19.2.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-fileupload-1:1.1.1-7.4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-httpclient-1:3.1-1.1.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-io-0:1.4-1.3.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-launcher-0:1.1-4.6.1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-logging-0:1.1.1-0.4.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-logging-jboss-0:1.1-10.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-modeler-0:2.0-4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-pool-0:1.3-11.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-validator-0:1.3.1-7.5.1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-oro-0:2.0.8-3.3.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-taglibs-standard-0:1.1.1-9.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
javassist-0:3.12.0-1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-core-0:2.2.17-1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-logging-jdk-0:2.1.2-1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-logging-spi-0:2.1.2-1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-javaee-0:5.0.1-2.9.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jcommon-0:1.0.16-1.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jfreechart-0:1.0.13-2.3.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
log4j-0:1.2.14-18.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_cluster-0:1.0.10-2.GA_CP01.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_cluster-native-0:1.0.10-2.GA_CP01.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_jk-0:1.2.31-1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
mx4j-1:3.0.1-9.3.4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
objectweb-asm-0:3.1-5.3.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
regexp-0:1.5-1.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
struts12-0:1.2.9-3.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat5-0:5.5.33-14_patch_04.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat6-0:6.0.32-15_patch_03.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat-jkstatus-ant-0:1.2.31-2.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat-native-0:1.1.20-2.0.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
xalan-j2-0:2.7.1-5.3_patch_04.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
xerces-j2-0:2.9.1-3.patch01.1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
xml-commons-1:1.3.04-7.12.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
Red Hat Enterprise Linux 6
tomcat6-0:6.0.24-33.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2011:0791	2011-05-19T00:00:00Z
Red Hat JBoss Enterprise Web Server 1 for RHEL 5
ant-0:1.7.1-13.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
antlr-0:2.7.7-7.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
cglib-0:2.2-5.1.1.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
dom4j-0:1.6.1-11.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
ecj3-1:3.3.1.1-3.1.1.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
glassfish-jsf-0:1.2_13-3.1.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-1:3.3.2-1.4.GA_CP04.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-annotations-0:3.4.0-3.2.GA_CP04.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-commons-annotations-0:3.1.0-1.8.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-ejb-persistence-3.0-api-1:1.0.2-3.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-entitymanager-0:3.4.0-4.3.GA_CP04.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
httpd-0:2.2.17-11.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-beanutils-0:1.8.0-4.1.2.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-chain-0:1.2-2.2.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-codec-0:1.3-9.2.1.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-collections-0:3.2.1-4.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-daemon-1:1.0.5-1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-daemon-jsvc-1:1.0.5-1.4.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-dbcp-0:1.2.1-16.4.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-digester-0:1.8.1-8.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-fileupload-1:1.1.1-7.4.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-httpclient-1:3.1-1.2.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-io-0:1.4-1.3.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-logging-0:1.1.1-0.4.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-logging-jboss-0:1.1-10.2.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-pool-0:1.3-11.2.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-validator-0:1.3.1-7.5.2.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-oro-0:2.0.8-3.3.2.1.1.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-taglibs-standard-0:1.1.1-9.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
javassist-0:3.12.0-1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-core-0:2.2.17-1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-logging-jdk-0:2.1.2-1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-logging-spi-0:2.1.2-1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-javaee-0:5.0.1-2.9.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jcommon-0:1.0.16-1.2.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jfreechart-0:1.0.13-2.3.2.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_cluster-0:1.0.10-2.1.GA_CP01.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_cluster-native-0:1.0.10-2.1.GA_CP01.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_jk-0:1.2.31-1.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
objectweb-asm-0:3.1-5.3.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
struts12-0:1.2.9-3.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat5-0:5.5.33-16_patch_04.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat6-0:6.0.32-15.1_patch_03.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat-jkstatus-ant-0:1.2.31-2.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat-native-0:1.1.20-2.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
xalan-j2-0:2.7.1-5.3_patch_04.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
xerces-j2-0:2.9.1-3.patch01.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
xml-commons-0:1.3.04-7.10.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
Red Hat JBoss Enterprise Web Server 1 for RHEL 6
ant-0:1.7.1-14.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
antlr-0:2.7.7-7.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
cglib-0:2.2-5.4.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
dom4j-0:1.6.1-11.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
ecj3-1:3.3.1.1-4.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
glassfish-jsf-0:1.2_13-3.1.4.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-1:3.3.2-1.8.GA_CP04.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-annotations-0:3.4.0-3.5.GA_CP04.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-commons-annotations-0:3.1.0-1.8.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-ejb-persistence-3.0-api-1:1.0.2-3.3.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-entitymanager-0:3.4.0-4.4.GA_CP04.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
httpd-0:2.2.17-11.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-beanutils-0:1.8.0-9.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-chain-0:1.2-2.2.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-codec-0:1.3-12.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-collections-0:3.2.1-4.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-daemon-1:1.0.5-1.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-daemon-jsvc-1:1.0.5-1.4.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-dbcp-0:1.2.1-16.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-digester-0:1.8.1-8.1.1.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-fileupload-1:1.1.1-7.5.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-httpclient-1:3.1-1.2.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-io-0:1.4-4.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-logging-0:1.1.1-1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-logging-jboss-0:1.1-10.2.2.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-pool-0:1.3-15.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-validator-0:1.3.1-7.5.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-oro-0:2.0.8-7.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-taglibs-standard-0:1.1.1-12.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
javassist-0:3.12.0-3.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-core-0:2.2.17-1.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-logging-jdk-0:2.1.2-1.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-logging-spi-0:2.1.2-1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-javaee-0:5.0.1-2.9.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jcommon-0:1.0.16-1.2.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jfreechart-0:1.0.13-2.3.2.1.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_cluster-0:1.0.10-2.2.GA_CP01.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_cluster-native-0:1.0.10-2.1.1.GA_CP01.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_jk-0:1.2.31-1.1.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
objectweb-asm31-0:3.1-12.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
struts12-0:1.2.9-3.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat5-0:5.5.33-15_patch_04.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat6-0:6.0.32-14_patch_03.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat-jkstatus-ant-0:1.2.31-2.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat-native-0:1.1.20-2.1.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
xalan-j2-0:2.7.1-5.3_patch_04.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
xerces-j2-0:2.9.1-8.patch01.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
xml-commons-0:1.3.04-7.14.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
Red Hat JBoss Web Server 1.0
	cpe:/a:redhat:jboss_enterprise_web_server:1.0	RHSA-2011:0896	2011-06-22T00:00:00Z

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-c78g-qwpw-2jgv	Improper Neutralization of Input During Web Page Generation in Apache Tomcat
Ubuntu USN	USN-1048-1	Tomcat vulnerability

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.11901.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0285.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/42337
http://secunia.com/advisories/43019
http://secunia.com/advisories/45022
http://secunia.com/advisories/57126
http://securitytracker.com/id?1024764
http://support.apple.com/kb/HT5002
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
http://svn.apache.org/viewvc?view=revision&revision=1037778
http://svn.apache.org/viewvc?view=revision&revision=1037779
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.redhat.com/support/errata/RHSA-2011-0791.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://www.securityfocus.com/archive/1/514866/100/0/threaded
http://www.securityfocus.com/bid/45015
http://www.ubuntu.com/usn/USN-1048-1
http://www.vupen.com/english/advisories/2010/3047
http://www.vupen.com/english/advisories/2011/0203
https://bugzilla.redhat.com/show_bug.cgi?id=656246
https://exchange.xforce.ibmcloud.com/vulnerabilities/63422
https://nvd.nist.gov/vuln/detail/CVE-2010-4172
https://www.cve.org/CVERecord?id=CVE-2010-4172

History

No history.

Subscriptions

Apache Tomcat

Redhat Enterprise Linux Jboss Enterprise Web Server

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-11-26T19:00:00.000Z

Updated: 2024-08-07T03:34:37.407Z

Reserved: 2010-11-04T00:00:00.000Z

Link: CVE-2010-4172

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-11-26T20:00:04.750

Modified: 2026-04-29T01:13:23.040

Link: CVE-2010-4172

Redhat

Severity : Moderate

Publid Date: 2010-11-22T00:00:00Z

Links: CVE-2010-4172 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

Tracking

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object