Home > Vulnerability Database > CVE-2011-0013

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2011-0013

Good to know:

Date: February 18, 2011

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Language: Java

Severity Score

3.7

Related Resources (53)

Url: https://github.com/apache/tomcat/commit/58223c5ecc0751c3642c810f291b8f033d33b97f

Url: http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

Url: http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

Url: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html

Url: https://github.com/apache/tomcat

Url: https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126

Url: https://web.archive.org/web/20120213130147/http://www.securityfocus.com/bid/46174

Url: https://web.archive.org/web/20120126065143/http://www.securityfocus.com/archive/1/516209/30/90/threaded

Url: http://secunia.com/advisories/45022

Url: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

Url: http://www.securitytracker.com/id?1025026

Url: http://www.vupen.com/english/advisories/2011/0376

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878

Url: https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269

Url: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

Url: https://bugzilla.redhat.com/show_bug.cgi?id=675786

Url: http://www.redhat.com/support/errata/RHSA-2011-0791.html

Url: https://github.com/apache/tomcat55/commit/863d77c7d321245de019ac32252828e0a025c5b4

Url: https://access.redhat.com/errata/RHSA-2011:0896

Url: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

Url: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

Url: http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32

Url: http://www.debian.org/security/2011/dsa-2160

Url: https://access.redhat.com/errata/RHSA-2011:0897

Url: http://www.securityfocus.com/bid/46174

Url: https://web.archive.org/web/20111229163935/http://secunia.com/advisories/43192

Url: https://web.archive.org/web/20120126070320/http://www.securitytracker.com/id?1025026

Url: https://access.redhat.com/security/cve/CVE-2011-0013

Url: http://securityreason.com/securityalert/8093

Url: http://secunia.com/advisories/43192

Url: http://marc.info/?l=bugtraq&m=139344343412337&w=2

Url: http://www.redhat.com/support/errata/RHSA-2011-1845.html

Url: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2011:030

Url: http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30

Url: http://www.redhat.com/support/errata/RHSA-2011-0896.html

Url: http://secunia.com/advisories/57126

Url: http://support.apple.com/kb/HT5002

Url: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

Url: http://marc.info/?l=bugtraq&m=132215163318824&w=2

Url: http://marc.info/?l=bugtraq&m=136485229118404&w=2

Url: https://access.redhat.com/errata/RHSA-2011:0791

Url: http://www.redhat.com/support/errata/RHSA-2011-0897.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-0013

Url: http://marc.info/?l=bugtraq&m=130168502603566&w=2

Url: https://web.archive.org/web/20111227000129/http://secunia.com/advisories/45022

Url: https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

Url: http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29

Url: https://access.redhat.com/errata/RHSA-2011:1845

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945

Url: http://www.securityfocus.com/archive/1/516209/30/90/threaded

Url: https://www.mend.io/vulnerability-database/CVE-2011-0013

Severity Score

3.7

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us