Apache.Tomcat.Manager.XSS
Description
There are multiple cross-site scripting vulnerabilities in the Manager and Host Manager web applications in Apache Tomcat. These vulnerabilities may allow remote authenticated users to inject arbitrary web scripts or HTML, via a parameter name, to manager/html/upload and other vectors.
Affected Products
Tomcat 4.0.0 to 4.0.6
Tomcat 4.1.0 to 4.1.36
Tomcat 5.0.0 to 5.0.30
Tomcat 5.5.0 to 5.5.24
Tomcat 6.0.0 to 6.0.13
Impact
Cross Site Scripting.
Recommended Actions
Currently we are not aware of any offically released patch on this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |