CVE-2011-0013

Name: CVE-2011-0013
Description: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-2160-1
Debian Bugs: 612257

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| tomcat6 (PTS) | jessie, jessie (lts) | 6.0.45+dfsg-1~deb8u1 | fixed |

The information below is based on the following data on fixed versions.

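| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| tomcat5.5 | source | (unstable) | (unfixed) | low | | |
| tomcat6 | source | lenny | (not affected) | | | |
| tomcat6 | source | squeeze | 6.0.28-9+squeeze1 | | DSA-2160-1 | |
| tomcat6 | source | (unstable) | 6.0.28-10 | | | 612257 |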

Notes

[lenny] - tomcat5.5 <no-dsa> (Minor issue)
[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
