// For flags

CVE-2011-0013

tomcat: XSS vulnerability in HTML Manager interface

Severity Score

4.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en la interfaz de HTML Manager en Apache Software Foundation Tomcat v7.0 antes de v7.0.6, v5.5 antes de v5.5.32 y v6.0 antes de v6.0.30 permiten a atacantes remotos inyectar secuencias de comandos web o HTML, como se demuestra a través de una etiqueta display-name.

Potential security vulnerabilities have been identified in 3rd party software used in HP XP P9000 Performance Advisor running Oracle and Apache Tomcat Software. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. Revision 1 of this advisory.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-12-07 CVE Reserved
  • 2011-02-18 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (34)
URL Tag Source
http://secunia.com/advisories/45022 Third Party Advisory
http://secunia.com/advisories/57126 Third Party Advisory
http://securityreason.com/securityalert/8093 Third Party Advisory
http://support.apple.com/kb/HT5002 X_refsource_confirm
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html X_refsource_confirm
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29 X_refsource_confirm
http://www.securityfocus.com/archive/1/516209/30/90/threaded Mailing List
http://www.securityfocus.com/bid/46174 Vdb Entry
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269 Signature
URL Date SRC
http://www.securitytracker.com/id?1025026 2024-08-06
URL Date SRC
http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32 2023-02-13
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30 2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=675786 2011-12-20
URL Date SRC
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html 2023-02-13
http://marc.info/?l=bugtraq&m=130168502603566&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=132215163318824&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=136485229118404&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=139344343412337&w=2 2023-02-13
http://secunia.com/advisories/43192 2023-02-13
http://www.debian.org/security/2011/dsa-2160 2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2011:030 2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0791.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0896.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0897.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-1845.html 2023-02-13
http://www.vupen.com/english/advisories/2011/0376 2023-02-13
https://access.redhat.com/security/cve/CVE-2011-0013 2011-12-20
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 7.0.0
Search vendor "Apache" for product "Tomcat" and version "7.0.0"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 7.0.1
Search vendor "Apache" for product "Tomcat" and version "7.0.1"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 7.0.2
Search vendor "Apache" for product "Tomcat" and version "7.0.2"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 7.0.3
Search vendor "Apache" for product "Tomcat" and version "7.0.3"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 7.0.4
Search vendor "Apache" for product "Tomcat" and version "7.0.4"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 7.0.5
Search vendor "Apache" for product "Tomcat" and version "7.0.5"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0
Search vendor "Apache" for product "Tomcat" and version "6.0"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.0
Search vendor "Apache" for product "Tomcat" and version "6.0.0"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.1
Search vendor "Apache" for product "Tomcat" and version "6.0.1"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.2
Search vendor "Apache" for product "Tomcat" and version "6.0.2"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.3
Search vendor "Apache" for product "Tomcat" and version "6.0.3"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.4
Search vendor "Apache" for product "Tomcat" and version "6.0.4"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.5
Search vendor "Apache" for product "Tomcat" and version "6.0.5"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.6
Search vendor "Apache" for product "Tomcat" and version "6.0.6"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.7
Search vendor "Apache" for product "Tomcat" and version "6.0.7"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.8
Search vendor "Apache" for product "Tomcat" and version "6.0.8"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.9
Search vendor "Apache" for product "Tomcat" and version "6.0.9"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.10
Search vendor "Apache" for product "Tomcat" and version "6.0.10"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.11
Search vendor "Apache" for product "Tomcat" and version "6.0.11"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.12
Search vendor "Apache" for product "Tomcat" and version "6.0.12"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.13
Search vendor "Apache" for product "Tomcat" and version "6.0.13"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.14
Search vendor "Apache" for product "Tomcat" and version "6.0.14"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.15
Search vendor "Apache" for product "Tomcat" and version "6.0.15"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.16
Search vendor "Apache" for product "Tomcat" and version "6.0.16"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.17
Search vendor "Apache" for product "Tomcat" and version "6.0.17"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.18
Search vendor "Apache" for product "Tomcat" and version "6.0.18"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.19
Search vendor "Apache" for product "Tomcat" and version "6.0.19"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.20
Search vendor "Apache" for product "Tomcat" and version "6.0.20"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.24
Search vendor "Apache" for product "Tomcat" and version "6.0.24"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.26
Search vendor "Apache" for product "Tomcat" and version "6.0.26"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.27
Search vendor "Apache" for product "Tomcat" and version "6.0.27"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.28
Search vendor "Apache" for product "Tomcat" and version "6.0.28"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.29
Search vendor "Apache" for product "Tomcat" and version "6.0.29"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.0
Search vendor "Apache" for product "Tomcat" and version "5.5.0"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.1
Search vendor "Apache" for product "Tomcat" and version "5.5.1"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.2
Search vendor "Apache" for product "Tomcat" and version "5.5.2"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.3
Search vendor "Apache" for product "Tomcat" and version "5.5.3"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.4
Search vendor "Apache" for product "Tomcat" and version "5.5.4"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.5
Search vendor "Apache" for product "Tomcat" and version "5.5.5"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.6
Search vendor "Apache" for product "Tomcat" and version "5.5.6"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.7
Search vendor "Apache" for product "Tomcat" and version "5.5.7"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.8
Search vendor "Apache" for product "Tomcat" and version "5.5.8"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.9
Search vendor "Apache" for product "Tomcat" and version "5.5.9"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.10
Search vendor "Apache" for product "Tomcat" and version "5.5.10"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.11
Search vendor "Apache" for product "Tomcat" and version "5.5.11"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.12
Search vendor "Apache" for product "Tomcat" and version "5.5.12"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.13
Search vendor "Apache" for product "Tomcat" and version "5.5.13"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.14
Search vendor "Apache" for product "Tomcat" and version "5.5.14"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.15
Search vendor "Apache" for product "Tomcat" and version "5.5.15"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.16
Search vendor "Apache" for product "Tomcat" and version "5.5.16"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.17
Search vendor "Apache" for product "Tomcat" and version "5.5.17"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.18
Search vendor "Apache" for product "Tomcat" and version "5.5.18"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.19
Search vendor "Apache" for product "Tomcat" and version "5.5.19"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.20
Search vendor "Apache" for product "Tomcat" and version "5.5.20"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.21
Search vendor "Apache" for product "Tomcat" and version "5.5.21"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.22
Search vendor "Apache" for product "Tomcat" and version "5.5.22"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.23
Search vendor "Apache" for product "Tomcat" and version "5.5.23"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.24
Search vendor "Apache" for product "Tomcat" and version "5.5.24"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.25
Search vendor "Apache" for product "Tomcat" and version "5.5.25"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.26
Search vendor "Apache" for product "Tomcat" and version "5.5.26"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.27
Search vendor "Apache" for product "Tomcat" and version "5.5.27"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.28
Search vendor "Apache" for product "Tomcat" and version "5.5.28"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.29
Search vendor "Apache" for product "Tomcat" and version "5.5.29"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.30
Search vendor "Apache" for product "Tomcat" and version "5.5.30"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.31
Search vendor "Apache" for product "Tomcat" and version "5.5.31"
-
Affected