CVE-2005-4838 in Jakarta Tomcatinfo

Zusammenfassung (Englisch)

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservieren

25.04.2007

Veröffentlichung

31.12.2005

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
1096	Apache Jakarta Tomcat bis 5.5.6 Messenger Cross Site Scripting	79	High	Offizieller Fix	CVE-2005-4838

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

◂ ZurückÜbersichtWeiter ▸

Interested in the pricing of exploits?

See the underground prices here!