CVE-2005-4838 in Jakarta Tomcat
Summary (English)
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
Reserved
2007. 04. 25.
Disclosed
2005. 12. 31.
Status
Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 1096 | Apache Jakarta Tomcat Messenger functions.jsp cross-site scripting | 79 | High | Official fix | CVE-2005-4838 |