Home > Vulnerability Database > CVE-2009-0781

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2009-0781

Date: March 9, 2009

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

Severity Score

3.7

Related Resources (59)

Url: http://secunia.com/advisories/35788

Url: https://marc.info/?l=bugtraq&m=136485229118404&w=2

Url: https://access.redhat.com/errata/RHSA-2009:1164

Url: https://bugzilla.redhat.com/show_bug.cgi?id=489028

Url: https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-0781

Url: https://access.redhat.com/errata/RHSA-2009:1562

Url: https://tomcat.apache.org/security-6.html

Url: https://marc.info/?l=bugtraq&m=133469267822771&w=2

Url: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html

Url: http://www.securityfocus.com/archive/1/501538/100/0/threaded

Url: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

Url: https://www.debian.org/security/2011/dsa-2207

Url: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html

Url: https://marc.info/?l=bugtraq&m=129070310906557&w=2

Url: https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345

Url: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

Url: http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Url: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html

Url: https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Url: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

Url: http://www.debian.org/security/2011/dsa-2207

Url: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:138

Url: https://tomcat.apache.org/security-5.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:136

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1

Url: http://www.vupen.com/english/advisories/2009/3316

Url: https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

Url: http://marc.info/?l=bugtraq&m=129070310906557&w=2

Url: http://tomcat.apache.org/security-5.html

Url: http://secunia.com/advisories/35685

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564

Url: https://access.redhat.com/security/cve/CVE-2009-0781

Url: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

Url: http://marc.info/?l=bugtraq&m=133469267822771&w=2

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/49213

Url: https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

Url: http://tomcat.apache.org/security-4.html

Url: https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

Url: http://marc.info/?l=bugtraq&m=127420533226623&w=2

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041

Url: http://www.vupen.com/english/advisories/2010/3056

Url: https://tomcat.apache.org/security-4.html

Url: http://support.apple.com/kb/HT4077

Url: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

Url: http://www.securityfocus.com/archive/1/507985/100/0/threaded

Url: http://marc.info/?l=bugtraq&m=136485229118404&w=2

Url: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

Url: https://marc.info/?l=bugtraq&m=127420533226623&w=2

Url: http://secunia.com/advisories/37460

Url: http://tomcat.apache.org/security-6.html

Url: http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

Url: https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

Url: https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

Url: http://www.vupen.com/english/advisories/2009/1856

Url: http://secunia.com/advisories/42368

Url: https://www.mend.io/vulnerability-database/CVE-2009-0781

Severity Score

3.7

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us