Page 7 of 38 results (0.008 seconds)

CVSS: 4.3EPSS: 95%CPEs: 73EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en ciertos ficheros JSP en la aplicación web de ejemplo en el Apache Tomcat 4.0.0 hasta el 4.0.6, 4.1.0 hasta el 4.1.36, 5.0.0 hasta el 5.0.30, 5.5.0 hasta el 5.5.24 y el 6.0.0 hasta el 6.0.13 permiten a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través de la porción de URI después del caracter ';', como lo demostrado utilizando una URI que contenía una secuencia "snp/snoop.jsp;". Apache Tomcat versions 4.0.0 to 4.0.6, 4.1.0 to 4.1.36, 5.0.0 to 5.0.30, 5.5.0 to 5.5.24, and 6.0.0 to 6.0.13 suffer from a cross site scripting flaw in their JSP examples. • https://www.exploit-db.com/exploits/30189 http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://osvdb.org/36080 http://rhn.redhat.com/errata/RHSA-2008-0630.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 10%CPEs: 52EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la aplicación ejemplo appdev/sample/web/hello.jsp en Tomcat 4.0.0 hasta la 4.0.6, 4.1.0 hasta la 4.1.36, 5.0.0 hasta la 5.0.30, 5.5.0 hasta la5.5.23, y 6.0.0 hasta la 6.0.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro test y vectores no especificados. The Tomcat documentation web application includes a sample application that contains multiple cross site scripting vulnerabilities. Versions affected include Tomcat 4.0.0 to 4.0.6, Tomcat 4.1.0 to 4.1.36, Tomcat 5.0.0 to 5.0.30, Tomcat 5.5.0 to 5.5.23, and Tomcat 6.0.0 to 6.0.10. • https://www.exploit-db.com/exploits/30052 http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://osvdb.org/34875 http://rhn.redhat.com/errata/RHSA-2008-0630.html http://secunia.com/advisories/27037 http://secunia.com/advisories/27727 http://secunia.com/advisories/30802 http://secunia.com/advisories&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.6EPSS: 0%CPEs: 43EXPL: 0

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts. La configuración de cifrado SSL por defecto en Apache Tomcat 4.1.28 hasta 4.1.31, 5.0.0 hasta 5.0.30, y 5.5.0 hasta 5.5.17 utiliza determinadas claves inseguras, incluyendo la clave anónima, lo cual permite a atacantes remotos obtener información sensible o tener otros impactos no especificados. • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html http://marc.info/?l=bugtraq&m=133114899904925&w=2 http://osvdb.org/34882 http://secunia.com/advisories/29392 http://secunia.com/advisories/33668 http://secunia.com/advisories/44183 http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 http://tomcat.ap •

CVSS: 4.3EPSS: 1%CPEs: 37EXPL: 0

Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en implicit-objects.jsp del Apache Tomcat 5.0.0 hasta el 5.0.30 y el 5.5.0 hasta la 5.5.17 permite a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través de ciertos valores en la cabecera. • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://lists.vmware.com/pipermail/security-announce/2008/000003.html http://secunia.com/advisories/28365 http://secunia.com/advisories/33668 http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 http://tomcat.apache.org/security-5.html http://www.redhat.com/support/errata/RHSA-2007-0327.html http://www.redhat.com/support/errata • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 95%CPEs: 54EXPL: 1

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el ejemplo de aplicación de calendario en Apache Tomcat versión 4.0.0 hasta 4.0.6, versión 4.1.0 hasta 4.1.31, versión 5.0.0 hasta 5.0.30 y versión 5.5.0 hasta 5.5.15 permite a atacantes remotos inyectar script web o HTML arbitrarias por medio del parámetro time hacia el archivo cal2.jsp y posiblemente otros vectores no especificados. NOTA: esto puede estar relacionado con CVE-2006-0254.1. • https://www.exploit-db.com/exploits/30563 http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://osvdb.org/34888 http://secunia.com/advisories/29242 http://secunia.com/advisories/33668 http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 http://tomcat.apache.org/security-4.html http://tomcat.apache • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •