CVE-2011-0013 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Tomcat
Redhat	Enterprise Linux Jboss Enterprise Web Server

Configuration 1 [-]

OR	cpe:2.3:a:apache:tomcat:7.0.0:::::::*
	cpe:2.3:a:apache:tomcat:7.0.1:::::::*
	cpe:2.3:a:apache:tomcat:7.0.2:::::::*
	cpe:2.3:a:apache:tomcat:7.0.3:::::::*
	cpe:2.3:a:apache:tomcat:7.0.4:::::::*
	cpe:2.3:a:apache:tomcat:7.0.5:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:apache:tomcat:6.0:::::::*
	cpe:2.3:a:apache:tomcat:6.0.0:::::::*
	cpe:2.3:a:apache:tomcat:6.0.1:::::::*
	cpe:2.3:a:apache:tomcat:6.0.2:::::::*
	cpe:2.3:a:apache:tomcat:6.0.3:::::::*
	cpe:2.3:a:apache:tomcat:6.0.4:::::::*
	cpe:2.3:a:apache:tomcat:6.0.5:::::::*
	cpe:2.3:a:apache:tomcat:6.0.6:::::::*
	cpe:2.3:a:apache:tomcat:6.0.7:::::::*
	cpe:2.3:a:apache:tomcat:6.0.8:::::::*
	cpe:2.3:a:apache:tomcat:6.0.9:::::::*
	cpe:2.3:a:apache:tomcat:6.0.10:::::::*
	cpe:2.3:a:apache:tomcat:6.0.11:::::::*
	cpe:2.3:a:apache:tomcat:6.0.12:::::::*
	cpe:2.3:a:apache:tomcat:6.0.13:::::::*
	cpe:2.3:a:apache:tomcat:6.0.14:::::::*
	cpe:2.3:a:apache:tomcat:6.0.15:::::::*
	cpe:2.3:a:apache:tomcat:6.0.16:::::::*
	cpe:2.3:a:apache:tomcat:6.0.17:::::::*
	cpe:2.3:a:apache:tomcat:6.0.18:::::::*
	cpe:2.3:a:apache:tomcat:6.0.19:::::::*
	cpe:2.3:a:apache:tomcat:6.0.20:::::::*
	cpe:2.3:a:apache:tomcat:6.0.24:::::::*
	cpe:2.3:a:apache:tomcat:6.0.26:::::::*
	cpe:2.3:a:apache:tomcat:6.0.27:::::::*
	cpe:2.3:a:apache:tomcat:6.0.28:::::::*
	cpe:2.3:a:apache:tomcat:6.0.29:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:apache:tomcat:5.5.0:::::::*
	cpe:2.3:a:apache:tomcat:5.5.1:::::::*
	cpe:2.3:a:apache:tomcat:5.5.2:::::::*
	cpe:2.3:a:apache:tomcat:5.5.3:::::::*
	cpe:2.3:a:apache:tomcat:5.5.4:::::::*
	cpe:2.3:a:apache:tomcat:5.5.5:::::::*
	cpe:2.3:a:apache:tomcat:5.5.6:::::::*
	cpe:2.3:a:apache:tomcat:5.5.7:::::::*
	cpe:2.3:a:apache:tomcat:5.5.8:::::::*
	cpe:2.3:a:apache:tomcat:5.5.9:::::::*
	cpe:2.3:a:apache:tomcat:5.5.10:::::::*
	cpe:2.3:a:apache:tomcat:5.5.11:::::::*
	cpe:2.3:a:apache:tomcat:5.5.12:::::::*
	cpe:2.3:a:apache:tomcat:5.5.13:::::::*
	cpe:2.3:a:apache:tomcat:5.5.14:::::::*
	cpe:2.3:a:apache:tomcat:5.5.15:::::::*
	cpe:2.3:a:apache:tomcat:5.5.16:::::::*
	cpe:2.3:a:apache:tomcat:5.5.17:::::::*
	cpe:2.3:a:apache:tomcat:5.5.18:::::::*
	cpe:2.3:a:apache:tomcat:5.5.19:::::::*
	cpe:2.3:a:apache:tomcat:5.5.20:::::::*
	cpe:2.3:a:apache:tomcat:5.5.21:::::::*
	cpe:2.3:a:apache:tomcat:5.5.22:::::::*
	cpe:2.3:a:apache:tomcat:5.5.23:::::::*
	cpe:2.3:a:apache:tomcat:5.5.24:::::::*
	cpe:2.3:a:apache:tomcat:5.5.25:::::::*
	cpe:2.3:a:apache:tomcat:5.5.26:::::::*
	cpe:2.3:a:apache:tomcat:5.5.27:::::::*
	cpe:2.3:a:apache:tomcat:5.5.28:::::::*
	cpe:2.3:a:apache:tomcat:5.5.29:::::::*
	cpe:2.3:a:apache:tomcat:5.5.30:::::::*
	cpe:2.3:a:apache:tomcat:5.5.31:::::::*

Package	CPE	Advisory	Released Date
JBEWS 1.0 for RHEL 4
ant-0:1.7.1-13.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
antlr-0:2.7.7-7.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
bcel-0:5.2-8.1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
cglib-0:2.2-5.1.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
dom4j-0:1.6.1-11.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
ecj-1:3.3.1.1-3.2.2.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
glassfish-jaf-0:1.1.0-6.1.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
glassfish-javamail-0:1.4.2-0.4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
glassfish-jsf-0:1.2_13-2.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-1:3.3.2-1.5.GA_CP04.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-annotations-0:3.4.0-3.3.GA_CP04.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-commons-annotations-0:3.1.0-1.8.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-ejb-persistence-3.0-api-1:1.0.2-3.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-entitymanager-0:3.4.0-4.3.GA_CP04.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
httpd22-0:2.2.17-14.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-beanutils-0:1.8.0-4.1.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-chain-0:1.2-2.2.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-codec-0:1.3-9.1.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-collections-0:3.2.1-4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-daemon-1:1.0.5-1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-daemon-jsvc-1:1.0.5-1.4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-dbcp-0:1.2.1-16.4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-digester-0:1.8.1-8.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-el-0:1.0-19.2.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-fileupload-1:1.1.1-7.4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-httpclient-1:3.1-1.1.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-io-0:1.4-1.3.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-launcher-0:1.1-4.6.1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-logging-0:1.1.1-0.4.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-logging-jboss-0:1.1-10.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-modeler-0:2.0-4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-pool-0:1.3-11.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-validator-0:1.3.1-7.5.1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-oro-0:2.0.8-3.3.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-taglibs-standard-0:1.1.1-9.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
javassist-0:3.12.0-1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-core-0:2.2.17-1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-logging-jdk-0:2.1.2-1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-logging-spi-0:2.1.2-1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-javaee-0:5.0.1-2.9.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jcommon-0:1.0.16-1.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
jfreechart-0:1.0.13-2.3.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
log4j-0:1.2.14-18.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_cluster-0:1.0.10-2.GA_CP01.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_cluster-native-0:1.0.10-2.GA_CP01.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_jk-0:1.2.31-1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
mx4j-1:3.0.1-9.3.4.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
objectweb-asm-0:3.1-5.3.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
regexp-0:1.5-1.2.1.jdk6.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
struts12-0:1.2.9-3.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat5-0:5.5.33-14_patch_04.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat6-0:6.0.32-15_patch_03.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat-jkstatus-ant-0:1.2.31-2.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat-native-0:1.1.20-2.0.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
xalan-j2-0:2.7.1-5.3_patch_04.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
xerces-j2-0:2.9.1-3.patch01.1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
xml-commons-1:1.3.04-7.12.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2011:0897	2011-06-22T00:00:00Z
Red Hat Enterprise Linux 5
tomcat5-0:5.5.23-0jpp.22.el5_7	cpe:/o:redhat:enterprise_linux:5	RHSA-2011:1845	2011-12-20T00:00:00Z
Red Hat Enterprise Linux 6
tomcat6-0:6.0.24-33.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2011:0791	2011-05-19T00:00:00Z
Red Hat JBoss Enterprise Web Server 1 for RHEL 5
ant-0:1.7.1-13.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
antlr-0:2.7.7-7.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
cglib-0:2.2-5.1.1.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
dom4j-0:1.6.1-11.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
ecj3-1:3.3.1.1-3.1.1.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
glassfish-jsf-0:1.2_13-3.1.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-1:3.3.2-1.4.GA_CP04.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-annotations-0:3.4.0-3.2.GA_CP04.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-commons-annotations-0:3.1.0-1.8.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-ejb-persistence-3.0-api-1:1.0.2-3.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-entitymanager-0:3.4.0-4.3.GA_CP04.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
httpd-0:2.2.17-11.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-beanutils-0:1.8.0-4.1.2.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-chain-0:1.2-2.2.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-codec-0:1.3-9.2.1.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-collections-0:3.2.1-4.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-daemon-1:1.0.5-1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-daemon-jsvc-1:1.0.5-1.4.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-dbcp-0:1.2.1-16.4.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-digester-0:1.8.1-8.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-fileupload-1:1.1.1-7.4.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-httpclient-1:3.1-1.2.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-io-0:1.4-1.3.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-logging-0:1.1.1-0.4.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-logging-jboss-0:1.1-10.2.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-pool-0:1.3-11.2.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-validator-0:1.3.1-7.5.2.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-oro-0:2.0.8-3.3.2.1.1.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-taglibs-standard-0:1.1.1-9.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
javassist-0:3.12.0-1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-core-0:2.2.17-1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-logging-jdk-0:2.1.2-1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-logging-spi-0:2.1.2-1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-javaee-0:5.0.1-2.9.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jcommon-0:1.0.16-1.2.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
jfreechart-0:1.0.13-2.3.2.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_cluster-0:1.0.10-2.1.GA_CP01.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_cluster-native-0:1.0.10-2.1.GA_CP01.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_jk-0:1.2.31-1.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
objectweb-asm-0:3.1-5.3.1.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
struts12-0:1.2.9-3.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat5-0:5.5.33-16_patch_04.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat6-0:6.0.32-15.1_patch_03.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat-jkstatus-ant-0:1.2.31-2.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat-native-0:1.1.20-2.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
xalan-j2-0:2.7.1-5.3_patch_04.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
xerces-j2-0:2.9.1-3.patch01.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
xml-commons-0:1.3.04-7.10.jdk6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2011:0897	2011-06-22T00:00:00Z
Red Hat JBoss Enterprise Web Server 1 for RHEL 6
ant-0:1.7.1-14.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
antlr-0:2.7.7-7.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
cglib-0:2.2-5.4.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
dom4j-0:1.6.1-11.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
ecj3-1:3.3.1.1-4.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
glassfish-jsf-0:1.2_13-3.1.4.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-1:3.3.2-1.8.GA_CP04.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-annotations-0:3.4.0-3.5.GA_CP04.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-commons-annotations-0:3.1.0-1.8.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-ejb-persistence-3.0-api-1:1.0.2-3.3.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
hibernate3-entitymanager-0:3.4.0-4.4.GA_CP04.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
httpd-0:2.2.17-11.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-beanutils-0:1.8.0-9.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-chain-0:1.2-2.2.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-codec-0:1.3-12.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-collections-0:3.2.1-4.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-daemon-1:1.0.5-1.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-daemon-jsvc-1:1.0.5-1.4.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-dbcp-0:1.2.1-16.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-digester-0:1.8.1-8.1.1.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-fileupload-1:1.1.1-7.5.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-httpclient-1:3.1-1.2.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-io-0:1.4-4.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-logging-0:1.1.1-1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-logging-jboss-0:1.1-10.2.2.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-pool-0:1.3-15.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-commons-validator-0:1.3.1-7.5.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-oro-0:2.0.8-7.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jakarta-taglibs-standard-0:1.1.1-12.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
javassist-0:3.12.0-3.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-core-0:2.2.17-1.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-logging-jdk-0:2.1.2-1.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-common-logging-spi-0:2.1.2-1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jboss-javaee-0:5.0.1-2.9.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jcommon-0:1.0.16-1.2.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
jfreechart-0:1.0.13-2.3.2.1.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_cluster-0:1.0.10-2.2.GA_CP01.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_cluster-native-0:1.0.10-2.1.1.GA_CP01.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
mod_jk-0:1.2.31-1.1.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
objectweb-asm31-0:3.1-12.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
struts12-0:1.2.9-3.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat5-0:5.5.33-15_patch_04.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat6-0:6.0.32-14_patch_03.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat-jkstatus-ant-0:1.2.31-2.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
tomcat-native-0:1.1.20-2.1.2.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
xalan-j2-0:2.7.1-5.3_patch_04.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
xerces-j2-0:2.9.1-8.patch01.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
xml-commons-0:1.3.04-7.14.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_server:1::el6	RHSA-2011:0897	2011-06-22T00:00:00Z
Red Hat JBoss Web Server 1.0
	cpe:/a:redhat:jboss_enterprise_web_server:1.0	RHSA-2011:0896	2011-06-22T00:00:00Z

References

Link	Providers
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://marc.info/?l=bugtraq&m=130168502603566&w=2
http://marc.info/?l=bugtraq&m=132215163318824&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/43192
http://secunia.com/advisories/45022
http://secunia.com/advisories/57126
http://securityreason.com/securityalert/8093
http://support.apple.com/kb/HT5002
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29
http://www.debian.org/security/2011/dsa-2160
http://www.mandriva.com/security/advisories?name=MDVSA-2011:030
http://www.redhat.com/support/errata/RHSA-2011-0791.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://www.redhat.com/support/errata/RHSA-2011-1845.html
http://www.securityfocus.com/archive/1/516209/30/90/threaded
http://www.securityfocus.com/bid/46174
http://www.securitytracker.com/id?1025026
http://www.vupen.com/english/advisories/2011/0376
https://bugzilla.redhat.com/show_bug.cgi?id=675786
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2011-0013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269
https://www.cve.org/CVERecord?id=CVE-2011-0013

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-02-18T23:00:00

Updated: 2024-08-06T21:36:02.212Z

Reserved: 2010-12-07T00:00:00

Link: CVE-2011-0013

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-02-19T01:00:01.557

Modified: 2023-02-13T01:18:20.947

Link: CVE-2011-0013

Redhat

Severity : Moderate

Publid Date: 2011-01-11T00:00:00Z

Links: CVE-2011-0013 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object