QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2010-4172

Back to search

CVE-2010-4172

Published: Nov 26, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

VendorProductVersions

n/a

n/a

affected
n/a

References

USN-1048-1
vendor-advisory
x_refsource_UBUNTU
42337
third-party-advisory
x_refsource_SECUNIA
45022
third-party-advisory
x_refsource_SECUNIA
tomcat-sessionlist-xss(63422)
vdb-entry
x_refsource_XF
ADV-2010-3047
vdb-entry
x_refsource_VUPEN
APPLE-SA-2011-10-12-3
vendor-advisory
x_refsource_APPLE
RHSA-2011:0897
vendor-advisory
x_refsource_REDHAT
57126
third-party-advisory
x_refsource_SECUNIA
RHSA-2011:0791
vendor-advisory
x_refsource_REDHAT
ADV-2011-0203
vdb-entry
x_refsource_VUPEN
1024764
vdb-entry
x_refsource_SECTRACK
RHSA-2011:0896
vendor-advisory
x_refsource_REDHAT
HPSBST02955
vendor-advisory
x_refsource_HP
43019
third-party-advisory
x_refsource_SECUNIA
45015
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now