Bug: Apache Tomcat Manager XSS vulnerability


Apache Tomcat Manager XSS vulnerability

Published: 2011.02.22
Credit: Mark Thomas
Risk: Low

CWE: CWE-79
CVE: CVE-2011-0013
Local: No
Remote: Yes

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None


CVE-2011-0013 Apache Tomcat Manager XSS vulnerability

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.5
- Tomcat 6.0.0 to 6.0.29
- Tomcat 5.5.0 to 5.5.31
- Earlier, unsupported versions may also be affected

Description:
The HTML Manager interface displayed web application provided data, such
as display names, without filtering (HTML escaping). A malicious web
application could therefore trigger script execution in the browser of an
administrative user viewing the Manager pages.

Example (display-name element in the application's WEB-INF/web.xml):
<display-name><script>alert('hi');</script></display-name>
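The following is an added example (Python, not Tomcat's own code) that models the behaviour described above: a constructed web.xml carrying the advisory's display-name payload, the unescaped rendering the affected Manager performed, the escaped rendering that fixes it, and a small pre-deployment check that supports the "undeploy untrusted web applications" mitigation. The render functions, the namespace constant and the sample descriptors are assumptions made for illustration.

```python
"""Model of the CVE-2011-0013 flaw and its fix.

Added illustration, not Tomcat's own code: the two render functions are
simplified stand-ins for the HTML Manager's page generation, and the
web.xml documents are constructed samples. The affected Manager wrote each
application's <display-name> into its HTML page verbatim, so a deployed
application controlled markup that ran in the administrator's browser.
"""
import html
import re
import xml.etree.ElementTree as ET
from typing import List

# Assumed Java EE 5 descriptor namespace used by the constructed samples.
JAVAEE_NS = {"j": "http://java.sun.com/xml/ns/javaee"}

# Constructed sample: a harmless application descriptor.
BENIGN_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <display-name>Payroll</display-name>
</web-app>
"""

# Constructed sample carrying the advisory's payload. The advisory shows it
# schematically; CDATA keeps the tag as text so the XML parser does not
# treat <script> as a child element of <display-name>.
MALICIOUS_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <display-name><![CDATA[<script>alert('hi');</script>]]></display-name>
</web-app>
"""


def display_name(web_xml: str) -> str:
    """Return the <display-name> text as the container would read it."""
    root = ET.fromstring(web_xml)
    node = root.find("j:display-name", JAVAEE_NS)
    return (node.text or "").strip() if node is not None else ""


def render_row_vulnerable(path: str, name: str) -> str:
    """Affected behaviour: application-supplied data copied straight into HTML."""
    return "<tr><td>%s</td><td>%s</td></tr>" % (path, name)


def render_row_fixed(path: str, name: str) -> str:
    """Fixed behaviour: HTML-escape every application-supplied value on output."""
    return "<tr><td>%s</td><td>%s</td></tr>" % (
        html.escape(path, quote=True),
        html.escape(name, quote=True),
    )


_SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_script_tag(rendered: str) -> bool:
    """Demo check: does a live <script> tag survive into the rendered page?"""
    return _SCRIPT_TAG.search(rendered) is not None


def audit_display_name(web_xml: str) -> List[str]:
    """Pre-deployment check supporting the 'undeploy untrusted web applications'
    mitigation: flag a display-name that carries HTML metacharacters, which a
    legitimate application name never needs."""
    name = display_name(web_xml)
    if any(ch in name for ch in "<>\"'&"):
        return ["display-name contains HTML metacharacters: %r" % name]
    return []


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_WEB_XML), ("malicious", MALICIOUS_WEB_XML)):
        name = display_name(doc)
        print(label, "vulnerable:", render_row_vulnerable("/app", name))
        print(label, "fixed:     ", render_row_fixed("/app", name))
        print(label, "audit:     ", audit_display_name(doc) or "clean")
```

Escaping at the point of output (the fixed renderer) is the actual fix; the audit function only helps an operator spot a hostile descriptor before it is deployed and is not a substitute for upgrading.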

Mitigation:
Users of affected versions should apply one of the following mitigations:
- Upgrade to a Tomcat version where this issue is fixed
- Undeploy untrusted web applications
- Remove the Manager application

Credit:
The issue was identified by the Tomcat security team.

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html

References:

https://bugzilla.redhat.com/show_bug.cgi?id=675786
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_(released_14_Jan_2011)
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30
http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32
http://www.vupen.com/english/advisories/2011/0376
http://www.securitytracker.com/id?1025026
http://www.securityfocus.com/bid/46174
http://www.securityfocus.com/archive/1/516209/30/90/threaded

Copyright 2014, cxsecurity.com