CVE-2010-4172 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Tomcat
Redhat	Enterprise Linux Jboss Enterprise Web Server

Configuration 1 [-]

OR	cpe:2.3:a:apache:tomcat:6.0.12:::::::*
	cpe:2.3:a:apache:tomcat:6.0.13:::::::*
	cpe:2.3:a:apache:tomcat:6.0.14:::::::*
	cpe:2.3:a:apache:tomcat:6.0.15:::::::*
	cpe:2.3:a:apache:tomcat:6.0.16:::::::*
	cpe:2.3:a:apache:tomcat:6.0.17:::::::*
	cpe:2.3:a:apache:tomcat:6.0.18:::::::*
	cpe:2.3:a:apache:tomcat:6.0.19:::::::*
	cpe:2.3:a:apache:tomcat:6.0.20:::::::*
	cpe:2.3:a:apache:tomcat:6.0.24:::::::*
	cpe:2.3:a:apache:tomcat:6.0.26:::::::*
	cpe:2.3:a:apache:tomcat:6.0.27:::::::*
	cpe:2.3:a:apache:tomcat:6.0.28:::::::*
	cpe:2.3:a:apache:tomcat:6.0.29:::::::*
	cpe:2.3:a:apache:tomcat:7.0.0:::::::*
	cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
	cpe:2.3:a:apache:tomcat:7.0.1:::::::*
	cpe:2.3:a:apache:tomcat:7.0.2:::::::*
	cpe:2.3:a:apache:tomcat:7.0.3:::::::*
	cpe:2.3:a:apache:tomcat:7.0.4:::::::*

Package	CPE	Advisory	Released Date
JBEWS 1.0 for RHEL 4
ant-0:1.7.1-13.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
antlr-0:2.7.7-7.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
bcel-0:5.2-8.1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
cglib-0:2.2-5.1.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
dom4j-0:1.6.1-11.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
ecj-1:3.3.1.1-3.2.2.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
glassfish-jaf-0:1.1.0-6.1.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
glassfish-javamail-0:1.4.2-0.4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
glassfish-jsf-0:1.2_13-2.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-1:3.3.2-1.5.GA_CP04.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-annotations-0:3.4.0-3.3.GA_CP04.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-commons-annotations-0:3.1.0-1.8.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-ejb-persistence-3.0-api-1:1.0.2-3.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-entitymanager-0:3.4.0-4.3.GA_CP04.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
httpd22-0:2.2.17-14.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-beanutils-0:1.8.0-4.1.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-chain-0:1.2-2.2.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-codec-0:1.3-9.1.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-collections-0:3.2.1-4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-daemon-1:1.0.5-1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-daemon-jsvc-1:1.0.5-1.4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-dbcp-0:1.2.1-16.4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-digester-0:1.8.1-8.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-el-0:1.0-19.2.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-fileupload-1:1.1.1-7.4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-httpclient-1:3.1-1.1.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-io-0:1.4-1.3.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-launcher-0:1.1-4.6.1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-logging-0:1.1.1-0.4.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-logging-jboss-0:1.1-10.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-modeler-0:2.0-4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-pool-0:1.3-11.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-validator-0:1.3.1-7.5.1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-oro-0:2.0.8-3.3.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-taglibs-standard-0:1.1.1-9.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
javassist-0:3.12.0-1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-core-0:2.2.17-1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-logging-jdk-0:2.1.2-1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-logging-spi-0:2.1.2-1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-javaee-0:5.0.1-2.9.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jcommon-0:1.0.16-1.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jfreechart-0:1.0.13-2.3.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
log4j-0:1.2.14-18.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_cluster-0:1.0.10-2.GA_CP01.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_cluster-native-0:1.0.10-2.GA_CP01.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_jk-0:1.2.31-1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
mx4j-1:3.0.1-9.3.4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
objectweb-asm-0:3.1-5.3.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
regexp-0:1.5-1.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
struts12-0:1.2.9-3.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat5-0:5.5.33-14_patch_04.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat6-0:6.0.32-15_patch_03.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat-jkstatus-ant-0:1.2.31-2.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat-native-0:1.1.20-2.0.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
xalan-j2-0:2.7.1-5.3_patch_04.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
xerces-j2-0:2.9.1-3.patch01.1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
xml-commons-1:1.3.04-7.12.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
Red Hat Enterprise Linux 6
tomcat6-0:6.0.24-33.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2011:0791	2011-05-19T00:00:00Z
Red Hat JBoss Enterprise Web Server 1 for RHEL 5
ant-0:1.7.1-13.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
antlr-0:2.7.7-7.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
cglib-0:2.2-5.1.1.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
dom4j-0:1.6.1-11.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
ecj3-1:3.3.1.1-3.1.1.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
glassfish-jsf-0:1.2_13-3.1.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-1:3.3.2-1.4.GA_CP04.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-annotations-0:3.4.0-3.2.GA_CP04.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-commons-annotations-0:3.1.0-1.8.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-ejb-persistence-3.0-api-1:1.0.2-3.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-entitymanager-0:3.4.0-4.3.GA_CP04.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
httpd-0:2.2.17-11.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-beanutils-0:1.8.0-4.1.2.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-chain-0:1.2-2.2.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-codec-0:1.3-9.2.1.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-collections-0:3.2.1-4.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-daemon-1:1.0.5-1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-daemon-jsvc-1:1.0.5-1.4.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-dbcp-0:1.2.1-16.4.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-digester-0:1.8.1-8.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-fileupload-1:1.1.1-7.4.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-httpclient-1:3.1-1.2.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-io-0:1.4-1.3.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-logging-0:1.1.1-0.4.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-logging-jboss-0:1.1-10.2.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-pool-0:1.3-11.2.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-validator-0:1.3.1-7.5.2.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-oro-0:2.0.8-3.3.2.1.1.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-taglibs-standard-0:1.1.1-9.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
javassist-0:3.12.0-1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-core-0:2.2.17-1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-logging-jdk-0:2.1.2-1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-logging-spi-0:2.1.2-1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-javaee-0:5.0.1-2.9.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jcommon-0:1.0.16-1.2.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jfreechart-0:1.0.13-2.3.2.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_cluster-0:1.0.10-2.1.GA_CP01.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_cluster-native-0:1.0.10-2.1.GA_CP01.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_jk-0:1.2.31-1.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
objectweb-asm-0:3.1-5.3.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
struts12-0:1.2.9-3.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat5-0:5.5.33-16_patch_04.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat6-0:6.0.32-15.1_patch_03.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat-jkstatus-ant-0:1.2.31-2.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat-native-0:1.1.20-2.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
xalan-j2-0:2.7.1-5.3_patch_04.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
xerces-j2-0:2.9.1-3.patch01.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
xml-commons-0:1.3.04-7.10.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
Red Hat JBoss Enterprise Web Server 1 for RHEL 6
ant-0:1.7.1-14.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
antlr-0:2.7.7-7.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
cglib-0:2.2-5.4.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
dom4j-0:1.6.1-11.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
ecj3-1:3.3.1.1-4.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
glassfish-jsf-0:1.2_13-3.1.4.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-1:3.3.2-1.8.GA_CP04.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-annotations-0:3.4.0-3.5.GA_CP04.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-commons-annotations-0:3.1.0-1.8.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-ejb-persistence-3.0-api-1:1.0.2-3.3.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-entitymanager-0:3.4.0-4.4.GA_CP04.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
httpd-0:2.2.17-11.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-beanutils-0:1.8.0-9.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-chain-0:1.2-2.2.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-codec-0:1.3-12.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-collections-0:3.2.1-4.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-daemon-1:1.0.5-1.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-daemon-jsvc-1:1.0.5-1.4.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-dbcp-0:1.2.1-16.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-digester-0:1.8.1-8.1.1.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-fileupload-1:1.1.1-7.5.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-httpclient-1:3.1-1.2.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-io-0:1.4-4.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-logging-0:1.1.1-1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-logging-jboss-0:1.1-10.2.2.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-pool-0:1.3-15.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-validator-0:1.3.1-7.5.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-oro-0:2.0.8-7.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-taglibs-standard-0:1.1.1-12.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
javassist-0:3.12.0-3.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-core-0:2.2.17-1.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-logging-jdk-0:2.1.2-1.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-logging-spi-0:2.1.2-1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-javaee-0:5.0.1-2.9.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jcommon-0:1.0.16-1.2.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jfreechart-0:1.0.13-2.3.2.1.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_cluster-0:1.0.10-2.2.GA_CP01.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_cluster-native-0:1.0.10-2.1.1.GA_CP01.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_jk-0:1.2.31-1.1.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
objectweb-asm31-0:3.1-12.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
struts12-0:1.2.9-3.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat5-0:5.5.33-15_patch_04.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat6-0:6.0.32-14_patch_03.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat-jkstatus-ant-0:1.2.31-2.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat-native-0:1.1.20-2.1.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
xalan-j2-0:2.7.1-5.3_patch_04.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
xerces-j2-0:2.9.1-8.patch01.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
xml-commons-0:1.3.04-7.14.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
Red Hat JBoss Web Server 1.0
	cpe:/a:redhat:jboss_enterprise_web_server:1.0	RHSA-2011:0896	2011-06-22T00:00:00Z

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0285.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/42337
http://secunia.com/advisories/43019
http://secunia.com/advisories/45022
http://secunia.com/advisories/57126
http://securitytracker.com/id?1024764
http://support.apple.com/kb/HT5002
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
http://svn.apache.org/viewvc?view=revision&revision=1037778
http://svn.apache.org/viewvc?view=revision&revision=1037779
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.redhat.com/support/errata/RHSA-2011-0791.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://www.securityfocus.com/archive/1/514866/100/0/threaded
http://www.securityfocus.com/bid/45015
http://www.ubuntu.com/usn/USN-1048-1
http://www.vupen.com/english/advisories/2010/3047
http://www.vupen.com/english/advisories/2011/0203
https://bugzilla.redhat.com/show_bug.cgi?id=656246
https://exchange.xforce.ibmcloud.com/vulnerabilities/63422
https://nvd.nist.gov/vuln/detail/CVE-2010-4172
https://www.cve.org/CVERecord?id=CVE-2010-4172

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-11-26T19:00:00

Updated: 2024-08-07T03:34:37.407Z

Reserved: 2010-11-04T00:00:00

Link: CVE-2010-4172

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-11-26T20:00:04.750

Modified: 2023-02-13T04:28:10.957

Link: CVE-2010-4172

Redhat

Severity : Moderate

Publid Date: 2010-11-22T00:00:00Z

Links: CVE-2010-4172 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object