Vulnerability-Lookup

CVE-2011-0013 (GCVE-0-2011-0013)

Vulnerability from cvelistv5 – Published: 2011-02-18 23:00 – Updated: 2024-08-06 21:36

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://marc.info/?l=bugtraq&m=136485229118404&w=2	vendor-advisoryx_refsource_HP
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.vupen.com/english/advisories/2011/0376	vdb-entryx_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/45022	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2011-18…	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/46174	vdb-entryx_refsource_BID
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://marc.info/?l=bugtraq&m=132215163318824&w=2	vendor-advisoryx_refsource_HP
	http://lists.apple.com/archives/Security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.securityfocus.com/archive/1/516209/30/…	mailing-listx_refsource_BUGTRAQ
	http://www.redhat.com/support/errata/RHSA-2011-08…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/57126	third-party-advisoryx_refsource_SECUNIA
	http://tomcat.apache.org/security-5.html#Fixed_in…	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2011-07…	vendor-advisoryx_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://bugzilla.redhat.com/show_bug.cgi?id=675786	x_refsource_MISC
	http://secunia.com/advisories/43192	third-party-advisoryx_refsource_SECUNIA
	http://tomcat.apache.org/security-7.html#Fixed_in…	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1025026	vdb-entryx_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2011-08…	vendor-advisoryx_refsource_REDHAT
	http://www.debian.org/security/2011/dsa-2160	vendor-advisoryx_refsource_DEBIAN
	http://support.apple.com/kb/HT5002	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=132215163318824&w=2	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=136485229118404&w=2	vendor-advisoryx_refsource_HP
	http://securityreason.com/securityalert/8093	third-party-advisoryx_refsource_SREASON
	http://tomcat.apache.org/security-6.html#Fixed_in…	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=130168502603566&w=2	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=139344343412337&w=2	vendor-advisoryx_refsource_HP
	http://support.novell.com/docs/Readmes/InfoDocume…	x_refsource_CONFIRM
	https://lists.apache.org/thread.html/06cfb634bc7b…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/8dcaf7c3894d…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r584a714f141…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r3aacc40356d…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:36:02.212Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBUX02860",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:12878",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878"
          },
          {
            "name": "ADV-2011-0376",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0376"
          },
          {
            "name": "oval:org.mitre.oval:def:19269",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269"
          },
          {
            "name": "45022",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45022"
          },
          {
            "name": "RHSA-2011:1845",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1845.html"
          },
          {
            "name": "46174",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46174"
          },
          {
            "name": "SUSE-SR:2011:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
          },
          {
            "name": "SSRT100627",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2"
          },
          {
            "name": "APPLE-SA-2011-10-12-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
          },
          {
            "name": "MDVSA-2011:030",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:030"
          },
          {
            "name": "20110205 [SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516209/30/90/threaded"
          },
          {
            "name": "RHSA-2011:0897",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0897.html"
          },
          {
            "name": "57126",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57126"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32"
          },
          {
            "name": "RHSA-2011:0791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0791.html"
          },
          {
            "name": "oval:org.mitre.oval:def:14945",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675786"
          },
          {
            "name": "43192",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43192"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29"
          },
          {
            "name": "1025026",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025026"
          },
          {
            "name": "RHSA-2011:0896",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
          },
          {
            "name": "DSA-2160",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2160"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5002"
          },
          {
            "name": "HPSBUX02725",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2"
          },
          {
            "name": "SSRT101146",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
          },
          {
            "name": "8093",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8093"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30"
          },
          {
            "name": "HPSBUX02645",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130168502603566\u0026w=2"
          },
          {
            "name": "HPSBST02955",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-01-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:08:53.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "HPSBUX02860",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:12878",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878"
        },
        {
          "name": "ADV-2011-0376",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0376"
        },
        {
          "name": "oval:org.mitre.oval:def:19269",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269"
        },
        {
          "name": "45022",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45022"
        },
        {
          "name": "RHSA-2011:1845",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1845.html"
        },
        {
          "name": "46174",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46174"
        },
        {
          "name": "SUSE-SR:2011:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
        },
        {
          "name": "SSRT100627",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2"
        },
        {
          "name": "APPLE-SA-2011-10-12-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
        },
        {
          "name": "MDVSA-2011:030",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:030"
        },
        {
          "name": "20110205 [SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516209/30/90/threaded"
        },
        {
          "name": "RHSA-2011:0897",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0897.html"
        },
        {
          "name": "57126",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57126"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32"
        },
        {
          "name": "RHSA-2011:0791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0791.html"
        },
        {
          "name": "oval:org.mitre.oval:def:14945",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675786"
        },
        {
          "name": "43192",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43192"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29"
        },
        {
          "name": "1025026",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025026"
        },
        {
          "name": "RHSA-2011:0896",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
        },
        {
          "name": "DSA-2160",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2160"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5002"
        },
        {
          "name": "HPSBUX02725",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2"
        },
        {
          "name": "SSRT101146",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
        },
        {
          "name": "8093",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8093"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30"
        },
        {
          "name": "HPSBUX02645",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130168502603566\u0026w=2"
        },
        {
          "name": "HPSBST02955",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-0013",
    "datePublished": "2011-02-18T23:00:00.000Z",
    "dateReserved": "2010-12-07T00:00:00.000Z",
    "dateUpdated": "2024-08-06T21:36:02.212Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2012-AVI-474

Vulnerability from certfr_avis - Published: 2012-08-31 - Updated: 2012-08-31

Plusieurs vulnérabilités ont été corrigées dans les produits IBM. Parmi celles-ci, une vulnérabilité permet à un attaquant d'exécuter du code arbitraire à distance au moyen d'un fichier de paramètrage spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	N/A	IBM Rational AppScan Enterprise / Security AppScan Enterprise versions 8.0 à 8.6 incluses ;
	IBM	N/A	IBM Rational Policy Tester versions 8.0 à 8.5.0.1 incluses.

References

Title

Publication Time

Tags

Bulletin de sécurité IBM swg21609004 du 27 août 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Rational AppScan Enterprise / Security AppScan Enterprise versions 8.0 \u00e0 8.6 incluses ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Rational Policy Tester versions 8.0 \u00e0 8.5.0.1 incluses.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-5062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5062"
    },
    {
      "name": "CVE-2011-2729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2729"
    },
    {
      "name": "CVE-2011-3190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3190"
    },
    {
      "name": "CVE-2011-0013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0013"
    },
    {
      "name": "CVE-2011-5063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5063"
    },
    {
      "name": "CVE-2011-1184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1184"
    },
    {
      "name": "CVE-2011-2526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2526"
    },
    {
      "name": "CVE-2011-5064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5064"
    },
    {
      "name": "CVE-2011-2204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2204"
    }
  ],
  "initial_release_date": "2012-08-31T00:00:00",
  "last_revision_date": "2012-08-31T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-474",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-08-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Parmi celles-ci, une vuln\u00e9rabilit\u00e9 permet \u00e0\nun attaquant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance au moyen d\u0027un\nfichier de param\u00e8trage sp\u00e9cialement con\u00e7u.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM AppScan Enterprise and Policy Tester",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21609004 du 27 ao\u00fbt 2012",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004"
    }
  ]
}

CERTFR-2014-AVI-089

Vulnerability from certfr_avis - Published: 2014-02-25 - Updated: 2014-02-25

De multiples vulnérabilités ont été corrigées dans HP XP P9000 Performance Advisor Software. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

HP XP P9000 Performance Advisor Software versions 5.4.1 et antérieures

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP c04047415 du 25 février 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eHP XP P9000 Performance Advisor Software versions 5.4.1 et  ant\u00e9rieures\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-5062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5062"
    },
    {
      "name": "CVE-2011-2729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2729"
    },
    {
      "name": "CVE-2010-4172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4172"
    },
    {
      "name": "CVE-2011-3190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3190"
    },
    {
      "name": "CVE-2011-0534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0534"
    },
    {
      "name": "CVE-2008-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0002"
    },
    {
      "name": "CVE-2009-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2901"
    },
    {
      "name": "CVE-2011-0013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0013"
    },
    {
      "name": "CVE-2013-0366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0366"
    },
    {
      "name": "CVE-2013-0381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0381"
    },
    {
      "name": "CVE-2009-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
    },
    {
      "name": "CVE-2011-5063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5063"
    },
    {
      "name": "CVE-2009-2902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
    },
    {
      "name": "CVE-2012-4431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4431"
    },
    {
      "name": "CVE-2013-0354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0354"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2010-2227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2227"
    },
    {
      "name": "CVE-2008-1232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
    },
    {
      "name": "CVE-2011-1184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1184"
    },
    {
      "name": "CVE-2013-0372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0372"
    },
    {
      "name": "CVE-2011-2526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2526"
    },
    {
      "name": "CVE-2013-0363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0363"
    },
    {
      "name": "CVE-2009-3548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3548"
    },
    {
      "name": "CVE-2008-2370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
    },
    {
      "name": "CVE-2013-0364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0364"
    },
    {
      "name": "CVE-2012-3546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2012-3219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3219"
    },
    {
      "name": "CVE-2008-1947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
    },
    {
      "name": "CVE-2012-4534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4534"
    },
    {
      "name": "CVE-2013-0352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0352"
    },
    {
      "name": "CVE-2013-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0397"
    },
    {
      "name": "CVE-2007-6286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6286"
    },
    {
      "name": "CVE-2013-0361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0361"
    },
    {
      "name": "CVE-2011-5064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5064"
    },
    {
      "name": "CVE-2010-3718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3718"
    },
    {
      "name": "CVE-2007-5342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
    },
    {
      "name": "CVE-2012-3190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3190"
    },
    {
      "name": "CVE-2011-2481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2481"
    },
    {
      "name": "CVE-2011-5035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5035"
    },
    {
      "name": "CVE-2011-2204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2204"
    },
    {
      "name": "CVE-2010-1157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1157"
    },
    {
      "name": "CVE-2012-2733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2733"
    }
  ],
  "initial_release_date": "2014-02-25T00:00:00",
  "last_revision_date": "2014-02-25T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-089",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-02-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHP XP P9000 Performance Advisor Software\u003c/span\u003e.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP XP P9000 Performance Advisor Software",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c04047415 du 25 f\u00e9vrier 2014",
      "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04047415-1"
    }
  ]
}

CERTA-2011-AVI-564

Vulnerability from certfr_avis - Published: 2011-10-13 - Updated: 2011-10-13

Plusieurs vulnérabilités présentes dans Mac OS X ont été corrigées.

Description

De multiples vulnérabilités découvertes dans Mac OS X permettent à une personne malveillante d'exécuter du code arbitraire à distance avec potentiellement des privilèges élevés, de provoquer un déni de service, de contourner la politique de sécurité du système, de porter atteinte à la confidentialité et à l'intégrité des données ou encore de réaliser une injection de code indirecte.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Mac OS X v10.6.8 ;
Apple	N/A	Mac OS X Lion Server v10.7 et v10.7.1 ;
Apple	N/A	Mac OS X Server v10.7 et v10.7.1.
Apple	N/A	Mac OS X Server v10.6.8 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT5002 du 12 octobre 2011	None	vendor-advisory
Référence CVE CVE-2010-3436 :	-	other
Référence CVE CVE-2011-0708 :	-	other
Référence CVE CVE-2011-1467 :	-	other
Référence CVE CVE-2011-1910 :	-	other
Référence CVE CVE-2011-3217 :	-	other
Référence CVE CVE-2011-1153 :	-	other
Référence CVE CVE-2011-3220 :	-	other
Référence CVE CVE-2010-3614 :	-	other
Référence CVE CVE-2011-0420 :	-	other
Référence CVE CVE-2011-0411 :	-	other
Référence CVE CVE-2011-0224 :	-	other
Référence CVE CVE-2010-3613 :	-	other
Référence CVE CVE-2011-3225 :	-	other
Référence CVE CVE-2011-0249 :	-	other
Référence CVE CVE-2011-3227 :	-	other
Référence CVE CVE-2011-1521 :	-	other
Référence CVE CVE-2011-0185 :	-	other
Référence CVE CVE-2011-0252 :	-	other
Référence CVE CVE-2011-0226 :	-	other
Référence CVE CVE-2010-4645 :	-	other
Référence CVE CVE-2011-3213 :	-	other
Référence CVE CVE-2011-3221 :	-	other
Référence CVE CVE-2011-1471 :	-	other
Référence CVE CVE-2011-3435 :	-	other
Référence CVE CVE-2011-3218 :	-	other
Référence CVE CVE-2011-0013 :	-	other
Référence CVE CVE-2010-1634 :	-	other
Référence CVE CVE-2011-0250 :	-	other
Référence CVE CVE-2011-3224 :	-	other
Référence CVE CVE-2011-0259 :	-	other
Référence CVE CVE-2011-2690 :	-	other
Référence CVE CVE-2011-3226 :	-	other
Référence CVE CVE-2011-3216 :	-	other
Référence CVE CVE-2011-3212 :	-	other
Référence CVE CVE-2010-2089 :	-	other
Référence CVE CVE-2010-3718 :	-	other
Référence CVE CVE-2011-0260 :	-	other
Référence CVE CVE-2011-3214 :	-	other
Référence CVE CVE-2010-1157 :	-	other
Référence CVE CVE-2011-0707 :	-	other
Référence CVE CVE-2011-3223 :	-	other
Référence CVE CVE-2011-3246 :	-	other
Référence CVE CVE-2010-2227 :	-	other
Référence CVE CVE-2010-4172 :	-	other
Référence CVE CVE-2011-3436 :	-	other
Référence CVE CVE-2011-2691 :	-	other
Référence CVE CVE-2011-3437 :	-	other
Référence CVE CVE-2009-4022 :	-	other
Référence CVE CVE-2011-0187 :	-	other
Référence CVE CVE-2011-3192 :	-	other
Référence CVE CVE-2011-1755 :	-	other
Référence CVE CVE-2010-0097 :	-	other
Référence CVE CVE-2011-0419 :	-	other
Référence CVE CVE-2011-1466 :	-	other
Référence CVE CVE-2011-0421 :	-	other
Référence CVE CVE-2011-0251 :	-	other
Référence CVE CVE-2011-3219 :	-	other
Référence CVE CVE-2011-0229 :	-	other
Référence CVE CVE-2011-3222 :	-	other
Référence CVE CVE-2011-0534 :	-	other
Référence CVE CVE-2011-3228 :	-	other
Référence CVE CVE-2011-3215 :	-	other
Référence CVE CVE-2011-1092 :	-	other
Référence CVE CVE-2011-0230 :	-	other
Référence CVE CVE-2011-1470 :	-	other
Référence CVE CVE-2011-0231 :	-	other
Référence CVE CVE-2011-2692 :	-	other
Référence CVE CVE-2011-1468 :	-	other
Référence CVE CVE-2011-2464 :	-	other
Référence CVE CVE-2011-1469 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X v10.6.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Lion Server v10.7 et v10.7.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server v10.7 et v10.7.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server v10.6.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans Mac OS X permettent \u00e0 une\npersonne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance avec\npotentiellement des privil\u00e8ges \u00e9lev\u00e9s, de provoquer un d\u00e9ni de service,\nde contourner la politique de s\u00e9curit\u00e9 du syst\u00e8me, de porter atteinte \u00e0\nla confidentialit\u00e9 et \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es ou encore de r\u00e9aliser\nune injection de code indirecte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3216"
    },
    {
      "name": "CVE-2011-3436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3436"
    },
    {
      "name": "CVE-2010-1634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1634"
    },
    {
      "name": "CVE-2011-3214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3214"
    },
    {
      "name": "CVE-2011-0187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0187"
    },
    {
      "name": "CVE-2011-3192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3192"
    },
    {
      "name": "CVE-2011-3228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3228"
    },
    {
      "name": "CVE-2011-0421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
    },
    {
      "name": "CVE-2011-0259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0259"
    },
    {
      "name": "CVE-2011-3221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3221"
    },
    {
      "name": "CVE-2010-4172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4172"
    },
    {
      "name": "CVE-2011-3217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3217"
    },
    {
      "name": "CVE-2011-3219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3219"
    },
    {
      "name": "CVE-2011-0534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0534"
    },
    {
      "name": "CVE-2011-0230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0230"
    },
    {
      "name": "CVE-2011-0229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0229"
    },
    {
      "name": "CVE-2011-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1471"
    },
    {
      "name": "CVE-2011-3222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3222"
    },
    {
      "name": "CVE-2011-1466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1466"
    },
    {
      "name": "CVE-2011-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0226"
    },
    {
      "name": "CVE-2011-0013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0013"
    },
    {
      "name": "CVE-2011-0231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0231"
    },
    {
      "name": "CVE-2011-3213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3213"
    },
    {
      "name": "CVE-2009-4022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4022"
    },
    {
      "name": "CVE-2011-1153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
    },
    {
      "name": "CVE-2011-3218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3218"
    },
    {
      "name": "CVE-2011-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2692"
    },
    {
      "name": "CVE-2010-4645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4645"
    },
    {
      "name": "CVE-2011-0249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0249"
    },
    {
      "name": "CVE-2011-3212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3212"
    },
    {
      "name": "CVE-2011-0250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0250"
    },
    {
      "name": "CVE-2011-1092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1092"
    },
    {
      "name": "CVE-2011-3227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3227"
    },
    {
      "name": "CVE-2011-1469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1469"
    },
    {
      "name": "CVE-2010-2227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2227"
    },
    {
      "name": "CVE-2011-1910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1910"
    },
    {
      "name": "CVE-2011-3220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3220"
    },
    {
      "name": "CVE-2011-0708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
    },
    {
      "name": "CVE-2010-3614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3614"
    },
    {
      "name": "CVE-2011-3224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3224"
    },
    {
      "name": "CVE-2011-3226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3226"
    },
    {
      "name": "CVE-2011-0260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0260"
    },
    {
      "name": "CVE-2011-2690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2690"
    },
    {
      "name": "CVE-2011-3215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3215"
    },
    {
      "name": "CVE-2010-3613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3613"
    },
    {
      "name": "CVE-2011-1521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1521"
    },
    {
      "name": "CVE-2011-1467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1467"
    },
    {
      "name": "CVE-2011-1755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1755"
    },
    {
      "name": "CVE-2011-3246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3246"
    },
    {
      "name": "CVE-2011-3435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3435"
    },
    {
      "name": "CVE-2011-2691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2691"
    },
    {
      "name": "CVE-2011-3437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3437"
    },
    {
      "name": "CVE-2011-0251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0251"
    },
    {
      "name": "CVE-2011-1470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1470"
    },
    {
      "name": "CVE-2011-3225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3225"
    },
    {
      "name": "CVE-2011-0411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
    },
    {
      "name": "CVE-2010-3718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3718"
    },
    {
      "name": "CVE-2011-2464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2464"
    },
    {
      "name": "CVE-2010-3436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3436"
    },
    {
      "name": "CVE-2010-0097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0097"
    },
    {
      "name": "CVE-2011-0707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0707"
    },
    {
      "name": "CVE-2011-0252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0252"
    },
    {
      "name": "CVE-2011-0224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0224"
    },
    {
      "name": "CVE-2010-2089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2089"
    },
    {
      "name": "CVE-2011-0420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0420"
    },
    {
      "name": "CVE-2010-1157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1157"
    },
    {
      "name": "CVE-2011-0419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0419"
    },
    {
      "name": "CVE-2011-1468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1468"
    },
    {
      "name": "CVE-2011-3223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3223"
    },
    {
      "name": "CVE-2011-0185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0185"
    }
  ],
  "initial_release_date": "2011-10-13T00:00:00",
  "last_revision_date": "2011-10-13T00:00:00",
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-3436 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3436"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0708 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0708"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1467 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1467"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1910 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1910"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3217 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3217"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1153 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1153"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3220 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3220"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-3614 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3614"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0420 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0420"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0411 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0411"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0224 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0224"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-3613 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3613"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3225 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3225"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0249 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0249"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3227 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3227"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1521 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1521"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0185 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0185"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0252 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0252"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0226 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0226"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-4645 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-4645"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3213 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3213"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3221 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3221"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1471 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1471"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3435 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3435"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3218 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3218"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0013 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0013"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-1634 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-1634"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0250 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0250"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3224 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3224"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0259 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0259"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-2690 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2690"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3226 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3226"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3216 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3216"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3212 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3212"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-2089 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-2089"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-3718 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3718"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0260 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0260"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3214 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3214"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-1157 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-1157"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0707 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0707"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3223 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3223"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3246 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3246"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-2227 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-2227"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-4172 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-4172"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3436 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3436"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-2691 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2691"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3437 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3437"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-4022 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2009-4022"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0187 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0187"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3192 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3192"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1755 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1755"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-0097 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-0097"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0419 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0419"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1466 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1466"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0421 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0421"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0251 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0251"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3219 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3219"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0229 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0229"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3222 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3222"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0534 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0534"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3228 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3228"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3215 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3215"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1092 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1092"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0230 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0230"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1470 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1470"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0231 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0231"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-2692 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2692"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1468 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1468"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-2464 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2464"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1469 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1469"
    }
  ],
  "reference": "CERTA-2011-AVI-564",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-10-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Mac OS X ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT5002 du 12 octobre 2011",
      "url": "http://docs.info.apple.com/article.html?artnum=HT5002"
    }
  ]
}

CERTA-2011-AVI-663

Vulnerability from certfr_avis - Published: 2011-11-24 - Updated: 2011-11-24

De multiples vulnérabilités permettant de contouner la politique de sécurité, porter atteinte à la confidentialité et à l'intégrité des données, effectuer un déni de service ou injecter du code à distance sont présentes dans HP-UX Tomcat Servlet Engine.

Description

Plusieurs vulnérabilités sont présentes dans le module HP-UX Tomcat Servlet Engine embarqué dans HP-UX Apache Web Server Suite. Ces vulnérabilités permettent à un utilisateur distant malintentionné de :

contourner la politique de sécurité (CVE-2011-2526, CVE-2011-2729, CVE-2011-3190) ;
effectuer un déni de service à distance (CVE-2010-4476, CVE-2011-2526) ;
porter atteinte à la confidentialité des données (CVE-2010-3718, CVE-2011-2204) ;
porter atteinte à l'intégrité des données (CVE-2010-3718) ;
injecter indirectement du code à distance (CVE-2011-0013).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

HP-UX Apache Web Server Suite version 3.19 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP c03090723 du 21 novembre 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eHP-UX Apache Web Server Suite version  3.19 et ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans le module HP-UX Tomcat\nServlet Engine embarqu\u00e9 dans HP-UX Apache Web Server Suite. Ces\nvuln\u00e9rabilit\u00e9s permettent \u00e0 un utilisateur distant malintentionn\u00e9 de :\n\n-   contourner la politique de s\u00e9curit\u00e9 (CVE-2011-2526, CVE-2011-2729,\n    CVE-2011-3190) ;\n-   effectuer un d\u00e9ni de service \u00e0 distance (CVE-2010-4476,\n    CVE-2011-2526) ;\n-   porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es (CVE-2010-3718,\n    CVE-2011-2204) ;\n-   porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es (CVE-2010-3718) ;\n-   injecter indirectement du code \u00e0 distance (CVE-2011-0013).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4476"
    },
    {
      "name": "CVE-2011-2729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2729"
    },
    {
      "name": "CVE-2011-3190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3190"
    },
    {
      "name": "CVE-2011-0013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0013"
    },
    {
      "name": "CVE-2011-2526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2526"
    },
    {
      "name": "CVE-2010-3718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3718"
    },
    {
      "name": "CVE-2011-2204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2204"
    }
  ],
  "initial_release_date": "2011-11-24T00:00:00",
  "last_revision_date": "2011-11-24T00:00:00",
  "links": [],
  "reference": "CERTA-2011-AVI-663",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-11-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s permettant de contouner la politique de\ns\u00e9curit\u00e9, porter atteinte \u00e0 la confidentialit\u00e9 et \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es, effectuer un d\u00e9ni de service ou injecter du code \u00e0 distance\nsont pr\u00e9sentes dans \u003cspan class=\"textit\"\u003eHP-UX Tomcat Servlet\nEngine\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans HP-UX Tomcat Servlet Engine",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03090723 du 21 novembre 2011",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03090723"
    }
  ]
}

CERTA-2011-AVI-081

Vulnerability from certfr_avis - Published: 2011-02-10 - Updated: 2011-08-01

Plusieurs vulnérabilités ont été corrigées sur les serveurs Apache Tomcat versions 5, 6 et 7.

Description

Plusieurs vulnérabilités ont été corrigées sur les serveurs Apache Tomcat. Elles peuvent notament être exploitées par des utilisateurs locaux pour contourner la politique de sécurité, et par des attaquants distants pour réaliser un déni de service ou une injection de code indirecte.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apache	Tomcat	Apache Tomcat 5 versions antérieures à 5.5.32 ;
Apache	Tomcat	Apache Tomcat 7 versions antérieures à 7.0.8.
Apache	Tomcat	Apache Tomcat 6 versions antérieures à 6.0.32 ;

References

Title

Publication Time

Tags

Listes des vulnérabilités affectant Apache Tomcat 5, 6 et 7	None	vendor-advisory
Liste des vulnérabilités affectant Apache Tomcat 6 :	-	other
Liste des vulnérabilités affectant Apache Tomcat 7 :	-	other
Liste des vulnérabilités affectant Apache Tomcat 5 :	-	other
Bulletin de sécurité IBM swg21507512 du 29 juillet 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apache Tomcat 5 versions ant\u00e9rieures \u00e0 5.5.32 ;",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "Apache Tomcat 7 versions ant\u00e9rieures \u00e0 7.0.8.",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "Apache Tomcat 6 versions ant\u00e9rieures \u00e0 6.0.32 ;",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es sur les serveurs Apache\nTomcat. Elles peuvent notament \u00eatre exploit\u00e9es par des utilisateurs\nlocaux pour contourner la politique de s\u00e9curit\u00e9, et par des attaquants\ndistants pour r\u00e9aliser un d\u00e9ni de service ou une injection de code\nindirecte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4476"
    },
    {
      "name": "CVE-2011-0534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0534"
    },
    {
      "name": "CVE-2011-0013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0013"
    },
    {
      "name": "CVE-2010-3718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3718"
    }
  ],
  "initial_release_date": "2011-02-10T00:00:00",
  "last_revision_date": "2011-08-01T00:00:00",
  "links": [
    {
      "title": "Liste des vuln\u00e9rabilit\u00e9s affectant Apache Tomcat 6 :",
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "title": "Liste des vuln\u00e9rabilit\u00e9s affectant Apache Tomcat 7 :",
      "url": "http://tomcat.apache.org/security-7.html"
    },
    {
      "title": "Liste des vuln\u00e9rabilit\u00e9s affectant Apache Tomcat 5 :",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21507512 du 29 juillet 2011 :",
      "url": "http://www-01.ibm.com/support/docview.wws?uid=swg21507512"
    }
  ],
  "reference": "CERTA-2011-AVI-081",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-10T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin IBM.",
      "revision_date": "2011-08-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es sur les serveurs Apache\nTomcat versions 5, 6 et 7.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache Tomcat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Listes des vuln\u00e9rabilit\u00e9s affectant Apache Tomcat 5, 6 et 7",
      "url": null
    }
  ]
}

GHSA-3P86-XGRQ-M6P6

Vulnerability from github – Published: 2022-05-03 03:25 – Updated: 2024-02-21 20:38

Summary

Improper Neutralization of Input During Web Page Generation in Apache Tomcat

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.5.0"
            },
            {
              "fixed": "5.5.32"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.0.30"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2011-0013"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-13T17:10:43Z",
    "nvd_published_at": "2011-02-19T01:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.",
  "id": "GHSA-3p86-xgrq-m6p6",
  "modified": "2024-02-21T20:38:34Z",
  "published": "2022-05-03T03:25:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0013"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/58223c5ecc0751c3642c810f291b8f033d33b97f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat55/commit/863d77c7d321245de019ac32252828e0a025c5b4"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20120213130147/http://www.securityfocus.com/bid/46174"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20120126070320/http://www.securitytracker.com/id?1025026"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20120126065143/http://www.securityfocus.com/archive/1/516209/30/90/threaded"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20111229163935/http://secunia.com/advisories/43192"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20111227000129/http://secunia.com/advisories/45022"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675786"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2011-0013"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2011:1845"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2011:0897"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2011:0896"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2011:0791"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=130168502603566\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8093"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5002"
    },
    {
      "type": "WEB",
      "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2160"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:030"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Improper Neutralization of Input During Web Page Generation in Apache Tomcat"
}

FKIE_CVE-2011-0013

Vulnerability from fkie_nvd - Published: 2011-02-19 01:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
secalert@redhat.com	http://marc.info/?l=bugtraq&m=130168502603566&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=132215163318824&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=136485229118404&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=139344343412337&w=2
secalert@redhat.com	http://secunia.com/advisories/43192	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/45022
secalert@redhat.com	http://secunia.com/advisories/57126
secalert@redhat.com	http://securityreason.com/securityalert/8093
secalert@redhat.com	http://support.apple.com/kb/HT5002
secalert@redhat.com	http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
secalert@redhat.com	http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32	Patch, Vendor Advisory
secalert@redhat.com	http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30	Patch, Vendor Advisory
secalert@redhat.com	http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2160
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2011:030
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2011-0791.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2011-0896.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2011-0897.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2011-1845.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/516209/30/90/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/46174
secalert@redhat.com	http://www.securitytracker.com/id?1025026	Exploit
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0376	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=675786	Patch
secalert@redhat.com	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=130168502603566&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=132215163318824&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=136485229118404&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=139344343412337&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43192	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45022
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/57126
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8093
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5002
af854a3a-2127-422b-91ae-364da2661108	http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2160
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:030
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-0791.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-0896.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-0897.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-1845.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/516209/30/90/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46174
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025026	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0376	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=675786	Patch
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269

Impacted products

Vendor	Product	Version
apache	tomcat	7.0.0
apache	tomcat	7.0.1
apache	tomcat	7.0.2
apache	tomcat	7.0.3
apache	tomcat	7.0.4
apache	tomcat	7.0.5
apache	tomcat	6.0
apache	tomcat	6.0.0
apache	tomcat	6.0.1
apache	tomcat	6.0.2
apache	tomcat	6.0.3
apache	tomcat	6.0.4
apache	tomcat	6.0.5
apache	tomcat	6.0.6
apache	tomcat	6.0.7
apache	tomcat	6.0.8
apache	tomcat	6.0.9
apache	tomcat	6.0.10
apache	tomcat	6.0.11
apache	tomcat	6.0.12
apache	tomcat	6.0.13
apache	tomcat	6.0.14
apache	tomcat	6.0.15
apache	tomcat	6.0.16
apache	tomcat	6.0.17
apache	tomcat	6.0.18
apache	tomcat	6.0.19
apache	tomcat	6.0.20
apache	tomcat	6.0.24
apache	tomcat	6.0.26
apache	tomcat	6.0.27
apache	tomcat	6.0.28
apache	tomcat	6.0.29
apache	tomcat	5.5.0
apache	tomcat	5.5.1
apache	tomcat	5.5.2
apache	tomcat	5.5.3
apache	tomcat	5.5.4
apache	tomcat	5.5.5
apache	tomcat	5.5.6
apache	tomcat	5.5.7
apache	tomcat	5.5.8
apache	tomcat	5.5.9
apache	tomcat	5.5.10
apache	tomcat	5.5.11
apache	tomcat	5.5.12
apache	tomcat	5.5.13
apache	tomcat	5.5.14
apache	tomcat	5.5.15
apache	tomcat	5.5.16
apache	tomcat	5.5.17
apache	tomcat	5.5.18
apache	tomcat	5.5.19
apache	tomcat	5.5.20
apache	tomcat	5.5.21
apache	tomcat	5.5.22
apache	tomcat	5.5.23
apache	tomcat	5.5.24
apache	tomcat	5.5.25
apache	tomcat	5.5.26
apache	tomcat	5.5.27
apache	tomcat	5.5.28
apache	tomcat	5.5.29
apache	tomcat	5.5.30
apache	tomcat	5.5.31

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F8C62EF-1B67-456A-9C66-755439CF8556",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A819E245-D641-4F19-9139-6C940504F6E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C381275-10C5-4939-BCE3-0D1F3B3CB2EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7205475A-6D04-4042-B24E-1DA5A57029B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "08022987-B36B-4F63-88A5-A8F59195DF4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF4B7557-EF35-451E-B55D-3296966695AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11D6FB7-CBDB-48C1-98CB-1B3CAA36C5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E3C039-A949-4F1B-892A-57147EECB249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28C7801-41B9-4552-BA1E-577967BCBBEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25B21085-7259-4685-9D1F-FF98E6489E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "635EE321-2A1F-4FF8-95BE-0C26591969D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A81B035-8598-4D2C-B45F-C6C9D4B10C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1096947-82A6-4EA8-A4F2-00D91E3F7DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C95ADA4-66F5-45C4-A677-ACE22367A75A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "11951A10-39A2-4FF5-8C43-DF94730FB794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "351E5BCF-A56B-4D91-BA3C-21A4B77D529A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DC2BBB4-171E-4EFF-A575-A5B7FF031755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B6B0504-27C1-4824-A928-A878CBBAB32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "D903956B-14F5-4177-AF12-0A5F1846D3C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F847DC-A2F5-456C-9038-16A0E85F4C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6B93A3A-D487-4CA1-8257-26F8FE287B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8802B2-57E0-4AA6-BC8E-00DE60468569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "8461DF95-18DC-4BF5-A703-7F19DA88DC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F4C9BCF-9C73-4991-B02F-E08C5DA06EBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2823789C-2CB6-4300-94DB-BDBE83ABA8E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5416C76-46ED-4CB1-A7F8-F24EA16DE7F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "A61429EE-4331-430C-9830-58DCCBCBCB58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "31B3593F-CEDF-423C-90F8-F88EED87DC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE7862B2-E1FA-4E16-92CD-8918AB461D9A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB203AEC-2A94-48CA-A0E0-B5A8EBF028B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E98B82A-22E5-4E6C-90AE-56F5780EA147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "34672E90-C220-436B-9143-480941227933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "92883AFA-A02F-41A5-9977-ABEAC8AD2970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "989A78F8-EE92-465F-8A8D-ECF0B58AFE7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F5B6627-B4A4-4E2D-B96C-CA37CCC8C804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFB09F3-32D1-479C-8C39-D7329D9A6623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56581E2-9ECD-426A-96D8-A9D958900AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "717F6995-5AF0-484C-90C0-A82F25FD2E32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0C01D5-773F-469C-9E69-170C2844AAA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB03FDFB-4DBF-4B70-BFA3-570D1DE67695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F5CF79C-759B-4FF9-90EE-847264059E93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "357651FD-392E-4775-BF20-37A23B3ABAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "585B9476-6B86-4809-9B9E-26112114CB59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6145036D-4FCE-4EBE-A137-BDFA69BA54F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E437055A-0A81-413F-AB08-0E9D0DC9EA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "9276A093-9C98-4617-9941-2276995F5848",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98575E2-E39A-4A8F-B5B5-BD280B8367BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "5878E08E-2741-4798-94E9-BA8E07386B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "69F6BAB7-C099-4345-A632-7287AEA555B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3AAF031-D16B-4D51-9581-2D1376A5157B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "51120689-F5C0-4DF1-91AA-314C40A46C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67477AB-85F6-421C-9C0B-C8EFB1B200CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "16D0C265-2ED9-42CF-A7D6-C7FAE4246A1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D70CFD9-B55D-4A29-B94C-D33F3E881A8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1195878-CCC9-49BC-9AC7-1F88F0DFAB82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "375C26A9-623E-483A-BC11-468D9DE278C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCDDD480-3C9E-4BE9-848A-99A13145C2AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "42BB8770-0BB4-4F23-AE24-58745095060D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la interfaz de HTML Manager en Apache Software Foundation Tomcat v7.0 antes de v7.0.6, v5.5 antes de v5.5.32 y v6.0 antes de v6.0.30 permiten a atacantes remotos inyectar secuencias de comandos web o HTML, como se demuestra a trav\u00e9s de una etiqueta display-name."
    }
  ],
  "id": "CVE-2011-0013",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-02-19T01:00:01.557",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=130168502603566\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43192"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/45022"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/57126"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityreason.com/securityalert/8093"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT5002"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2160"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:030"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0791.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0897.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1845.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/516209/30/90/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/46174"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securitytracker.com/id?1025026"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0376"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675786"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=130168502603566\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/45022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0791.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0897.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1845.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516209/30/90/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securitytracker.com/id?1025026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675786"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2011-0013

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-0013

Aliases

CVE-2011-0013

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-0013",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.",
    "id": "GSD-2011-0013",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-0013.html",
      "https://www.debian.org/security/2011/dsa-2160",
      "https://access.redhat.com/errata/RHSA-2011:1845",
      "https://access.redhat.com/errata/RHSA-2011:0897",
      "https://access.redhat.com/errata/RHSA-2011:0896",
      "https://access.redhat.com/errata/RHSA-2011:0791",
      "https://linux.oracle.com/cve/CVE-2011-0013.html",
      "https://packetstormsecurity.com/files/cve/CVE-2011-0013"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-0013"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.",
      "id": "GSD-2011-0013",
      "modified": "2023-12-13T01:19:04.307549Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-0013",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2",
            "refsource": "MISC",
            "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
          },
          {
            "name": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2011-0896.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2011-0897.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0897.html"
          },
          {
            "name": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2",
            "refsource": "MISC",
            "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
          },
          {
            "name": "http://secunia.com/advisories/57126",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/57126"
          },
          {
            "name": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html",
            "refsource": "MISC",
            "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
          },
          {
            "name": "http://support.apple.com/kb/HT5002",
            "refsource": "MISC",
            "url": "http://support.apple.com/kb/HT5002"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
          },
          {
            "name": "http://marc.info/?l=bugtraq\u0026m=130168502603566\u0026w=2",
            "refsource": "MISC",
            "url": "http://marc.info/?l=bugtraq\u0026m=130168502603566\u0026w=2"
          },
          {
            "name": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2",
            "refsource": "MISC",
            "url": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2"
          },
          {
            "name": "http://secunia.com/advisories/43192",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/43192"
          },
          {
            "name": "http://secunia.com/advisories/45022",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/45022"
          },
          {
            "name": "http://securityreason.com/securityalert/8093",
            "refsource": "MISC",
            "url": "http://securityreason.com/securityalert/8093"
          },
          {
            "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html",
            "refsource": "MISC",
            "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html"
          },
          {
            "name": "http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32",
            "refsource": "MISC",
            "url": "http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32"
          },
          {
            "name": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30",
            "refsource": "MISC",
            "url": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30"
          },
          {
            "name": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29",
            "refsource": "MISC",
            "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29"
          },
          {
            "name": "http://www.debian.org/security/2011/dsa-2160",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2011/dsa-2160"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:030",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:030"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2011-0791.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0791.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2011-1845.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1845.html"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/516209/30/90/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/516209/30/90/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/46174",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/46174"
          },
          {
            "name": "http://www.securitytracker.com/id?1025026",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id?1025026"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2011/0376",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2011/0376"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=675786",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675786"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[5.5.0,5.5.32),[6.0.0,6.0.30),[7.0.0,7.0.6)",
          "affected_versions": "All versions starting from 5.5.0 before 5.5.32, all versions starting from 6.0.0 before 6.0.30, all versions starting from 7.0.0 before 7.0.6",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2022-07-13",
          "description": "Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.",
          "fixed_versions": [
            "5.5.32",
            "6.0.30",
            "7.0.6"
          ],
          "identifier": "CVE-2011-0013",
          "identifiers": [
            "GHSA-3p86-xgrq-m6p6",
            "CVE-2011-0013"
          ],
          "not_impacted": "All versions before 5.5.0, all versions starting from 5.5.32 before 6.0.0, all versions starting from 6.0.30 before 7.0.0, all versions starting from 7.0.6",
          "package_slug": "maven/org.apache.tomcat/tomcat",
          "pubdate": "2022-05-03",
          "solution": "Upgrade to versions 5.5.32, 6.0.30, 7.0.6 or above.",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2011-0013",
            "https://bugzilla.redhat.com/show_bug.cgi?id=675786",
            "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E",
            "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E",
            "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E",
            "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E",
            "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878",
            "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945",
            "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269",
            "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html",
            "http://marc.info/?l=bugtraq\u0026m=130168502603566\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2",
            "http://securityreason.com/securityalert/8093",
            "http://support.apple.com/kb/HT5002",
            "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html",
            "http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32",
            "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30",
            "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_(released_14_Jan_2011)",
            "http://www.debian.org/security/2011/dsa-2160",
            "http://www.redhat.com/support/errata/RHSA-2011-0791.html",
            "http://www.redhat.com/support/errata/RHSA-2011-0896.html",
            "http://www.redhat.com/support/errata/RHSA-2011-0897.html",
            "http://www.redhat.com/support/errata/RHSA-2011-1845.html",
            "https://github.com/advisories/GHSA-3p86-xgrq-m6p6"
          ],
          "uuid": "0460134c-19c3-4c74-8774-cba5d0192c2a"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-0013"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20110205 [SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/516209/30/90/threaded"
            },
            {
              "name": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=675786",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675786"
            },
            {
              "name": "46174",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/46174"
            },
            {
              "name": "http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32"
            },
            {
              "name": "1025026",
              "refsource": "SECTRACK",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securitytracker.com/id?1025026"
            },
            {
              "name": "ADV-2011-0376",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0376"
            },
            {
              "name": "DSA-2160",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2011/dsa-2160"
            },
            {
              "name": "MDVSA-2011:030",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:030"
            },
            {
              "name": "43192",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/43192"
            },
            {
              "name": "RHSA-2011:0896",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
            },
            {
              "name": "RHSA-2011:0791",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0791.html"
            },
            {
              "name": "RHSA-2011:0897",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0897.html"
            },
            {
              "name": "8093",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8093"
            },
            {
              "name": "http://support.apple.com/kb/HT5002",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT5002"
            },
            {
              "name": "APPLE-SA-2011-10-12-3",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
            },
            {
              "name": "45022",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/45022"
            },
            {
              "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html"
            },
            {
              "name": "RHSA-2011:1845",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1845.html"
            },
            {
              "name": "SSRT100627",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2"
            },
            {
              "name": "HPSBUX02860",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
            },
            {
              "name": "SUSE-SR:2011:005",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
            },
            {
              "name": "HPSBST02955",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
            },
            {
              "name": "57126",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/57126"
            },
            {
              "name": "HPSBUX02645",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=130168502603566\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:19269",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269"
            },
            {
              "name": "oval:org.mitre.oval:def:14945",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945"
            },
            {
              "name": "oval:org.mitre.oval:def:12878",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878"
            },
            {
              "name": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29",
              "refsource": "MISC",
              "tags": [],
              "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T01:18Z",
      "publishedDate": "2011-02-19T01:00Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-0013 (GCVE-0-2011-0013)

Solution

Solution

Description

Solution

Description

Solution

Description

Solution

Tags

Sightings

Nomenclature