USN-1048-1 -- tomcat6 vulnerabilityID: oval:org.secpod.oval:def:700222 | Date: (C)2011-01-28 (M)2023-02-20 |
Class: PATCH | Family: unix |
It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data , within the same domain.
Platform: |
Ubuntu 10.10 |
Ubuntu 9.10 |
Ubuntu 10.04 |