CVE
CVE-2005-4838
Date: created 2005-12-31, last modified 2023-12-22


Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
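
The following script is an added example for this entry, not code from the page or from the Apache Tomcat project. It models the defect the description names (a request parameter echoed verbatim into an example JSP's HTML) next to its escaped form, classifies a response body as vulnerable, escaped or not reflected using a constructed canary, and builds the crafted GET an attacker would hand to a victim. The examples/ context root, the full path of snoop.jsp and the parameter name foo are assumptions based on stock Tomcat layouts; the page bodies it classifies offline are constructed. No network request is made unless probe_live() is called.

```python
"""
Offline check for the reflected-XSS pattern behind CVE-2005-4838: a request
parameter echoed into an example JSP's HTML without escaping.
Added example; not the page's or Tomcat's own code. Assumptions are marked.
"""
import html
from urllib.error import URLError
from urllib.parse import urlencode, urljoin
from urllib.request import urlopen

# Constructed canary: carries every character an XML/HTML escaper must encode,
# so a verbatim echo is unambiguous and an escaped echo is recognisable.
CANARY = 'cve20054838<"\'>&x'

# Pages named in the advisory. The "examples/" context root and the full path
# of snoop.jsp (advisory gives only "snp/snoop.jsp") are assumptions.
EXAMPLE_PATHS = (
    "examples/jsp2/el/functions.jsp",
    "examples/jsp2/el/implicit-objects.jsp",
    "examples/jsp2/jspx/textRotate.jspx",
    "examples/jsp/snp/snoop.jsp",
)


def escape_xml(s: str) -> str:
    """Entity-encode the five XML special characters, as JSTL's fn:escapeXml
    does (the numeric forms for the quotes follow Apache's implementation;
    treat that detail as an assumption)."""
    return (s.replace("&", "&amp;")  # first, or it would re-encode the rest
             .replace("<", "&lt;")
             .replace(">", "&gt;")
             .replace('"', "&#034;")
             .replace("'", "&#039;"))


def render_vulnerable(value: str) -> str:
    """Constructed stand-in for the affected pages: the parameter is written
    straight into the document, as <%= request.getParameter(...) %> would."""
    return f"<html><body><p>You typed: {value}</p></body></html>"


def render_fixed(value: str) -> str:
    """Same page with output escaped, the <c:out>/fn:escapeXml remedy."""
    return f"<html><body><p>You typed: {escape_xml(value)}</p></body></html>"


def classify_reflection(body: str, canary: str = CANARY) -> str:
    """Decide what a response did with the canary.
    vulnerable    : present verbatim, so <script>...</script> would be too
    escaped       : echoed only entity-encoded (JSTL or html.escape style)
    not-reflected : parameter not echoed at all (or page absent)"""
    if canary in body:
        return "vulnerable"
    if escape_xml(canary) in body or html.escape(canary, quote=True) in body:
        return "escaped"
    return "not-reflected"


def build_probe_url(base_url: str, path: str, param: str) -> str:
    """The crafted GET for one example page: the link an attacker would send,
    here aimed at our own test instance."""
    return urljoin(base_url, path) + "?" + urlencode({param: CANARY})


def probe_live(base_url: str, param: str = "foo", timeout: float = 5.0) -> dict:
    """Fetch each example page with the canary and classify the response.
    `param` is an assumption: the stock pages read a field named "foo"
    (textRotate reads "name"); pass the right name for the page under test.
    A 404 is the desired result on a server where the examples were removed."""
    results = {}
    for path in EXAMPLE_PATHS:
        url = build_probe_url(base_url, path, param)
        try:
            with urlopen(url, timeout=timeout) as resp:
                body = resp.read().decode("utf-8", "replace")
            results[path] = classify_reflection(body)
        except URLError as exc:  # HTTPError (e.g. 404) is a subclass
            results[path] = f"unreachable: {getattr(exc, 'code', exc.reason)}"
    return results


if __name__ == "__main__":
    for name, page in (("vulnerable", render_vulnerable), ("fixed", render_fixed)):
        print(f"{name:10s} -> {classify_reflection(page(CANARY))}")
```

Run probe_live() only against a test instance you own. The durable fix for this class of issue is to remove the example web applications from any non-development deployment; on such a host every path should come back unreachable, whatever escaping individual pages happen to do.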

CVSS Score and Metrics

CVSS V2 Severity: MEDIUM (a base score of 4.3 falls in the 4.0 to 6.9 band)
CVSS Score: 4.3
Exploit Score: 8.6
Impact Score: 2.9

CVSS V2 Metrics (vector AV:N/AC:M/Au:N/C:N/I:P/A:N):
Access Vector: NETWORK
Access Complexity: MEDIUM (a victim must be induced to open the crafted link)
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL (attacker-chosen script runs in the victim's browser in the site's origin)
Availability: NONE

References:
SECTRACK-1012793
OSVDB-12721
SECUNIA-13737
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065598.html
SECUNIA-31493
OSVDB-34878
OSVDB-34879
RHSA-2008:0261
RHSA-2008:0630
http://marc.info/?l=tomcat-dev&m=110476790331536&w=2
http://marc.info/?l=tomcat-dev&m=110477195116951&w=2
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://www.oliverkarow.de/research/jakarta556_xss.txt
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
tomcat-functions-xss(36467)

CPE: cpe:/a:apache:tomcat
CWE: CWE-79 (Improper Neutralization of Input During Web Page Generation, 'Cross-site Scripting')

© SecPod Technologies