CVE-2011-0013
Published: 18 February 2011
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Priority
Status
Package | Release | Status |
---|---|---|
tomcat5 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
tomcat5.5 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Released
(5.5.32)
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1057518 |
||
Binaries built from this source package are in Universe and so are supported by the community. | ||
tomcat6 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Released
(6.0.20-2ubuntu2.4)
|
|
lucid |
Released
(6.0.24-2ubuntu1.7)
|
|
maverick |
Released
(6.0.28-2ubuntu1.2)
|
|
natty |
Not vulnerable
(6.0.28-10ubuntu2)
|
|
upstream |
Released
(6.0.30)
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1057270 |