QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2005-4838

Back to search

CVE-2005-4838

Published: Apr 25, 2007

Modified: Aug 8, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.

VendorProductVersions

n/a

n/a

affected
n/a

References

tomcat-functions-xss(36467)
vdb-entry
x_refsource_XF
20070906 Apache Tomcat remote xss
mailing-list
x_refsource_FULLDISC
RHSA-2008:0630
vendor-advisory
x_refsource_REDHAT
34878
vdb-entry
x_refsource_OSVDB
12721
vdb-entry
x_refsource_OSVDB
31493
third-party-advisory
x_refsource_SECUNIA
34879
vdb-entry
x_refsource_OSVDB
1012793
vdb-entry
x_refsource_SECTRACK
13737
third-party-advisory
x_refsource_SECUNIA
RHSA-2008:0261
vendor-advisory
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now