Intrusion Prevention



The Manager and Host Manager web applications in Apache Tomcat contain multiple cross-site scripting vulnerabilities. They may allow remote authenticated users to inject arbitrary web script or HTML through a parameter name sent to manager/html/upload, and through other vectors.

Affected Products

Tomcat 4.0.0 to 4.0.6
Tomcat 4.1.0 to 4.1.36
Tomcat 5.0.0 to 5.0.30
Tomcat 5.5.0 to 5.5.24
Tomcat 6.0.0 to 6.0.13


Cross Site Scripting.

Recommended Actions

Currently we are not aware of any officially released patch for this issue.
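Because the injection point described above is the parameter name rather than its value, a review of access logs has to inspect names. The following is an added example, not part of the original advisory or of Tomcat: it flags query-string parameter names containing HTML metacharacters on Manager and Host Manager requests. The `/host-manager/` prefix, the log format and the sample lines are assumptions, and names carried in a POST body do not appear in access logs, so they are outside what this check can see.

```python
from urllib.parse import urlsplit, parse_qsl
import re

# /manager/ comes from the advisory; /host-manager/ is Tomcat's default
# Host Manager context path (assumption: contexts were not renamed).
WATCHED_PREFIXES = ("/manager/", "/host-manager/")
# Characters that let a reflected parameter name break out into HTML.
MARKUP_CHARS = set("<>\"'")
# Request line of a common/combined-format access-log entry (assumed format).
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_names(log_line):
    """Return decoded query parameter names that contain markup characters."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group("target"))
    if not url.path.startswith(WATCHED_PREFIXES):
        return []
    # keep_blank_values=True so a bare name with no "=value" is still inspected.
    pairs = parse_qsl(url.query, keep_blank_values=True)
    return [name for name, _ in pairs if MARKUP_CHARS & set(name)]


def scan(lines):
    """Return (line_number, names) for every line with a suspicious name."""
    hits = []
    for number, line in enumerate(lines, start=1):
        names = suspicious_names(line)
        if names:
            hits.append((number, names))
    return hits


# Constructed sample entries (not from a real server); harmless <b>/<i> markup.
SAMPLE_LOG = [
    '10.0.0.5 - admin [01/Jan/2008:10:00:00 +0000] "GET /manager/html/list HTTP/1.1" 200 5120',
    '10.0.0.5 - admin [01/Jan/2008:10:00:05 +0000] "GET /manager/html/upload?%3Cb%3Ex%3C%2Fb%3E=1 HTTP/1.1" 200 5301',
    # Markup in the value only: a value check is a separate rule, not this one.
    '10.0.0.9 - admin [01/Jan/2008:10:01:00 +0000] "GET /host-manager/html?name=%3Cb%3E HTTP/1.1" 200 4100',
    # Same pattern on an unrelated application path: out of scope here.
    '10.0.0.7 - - [01/Jan/2008:10:02:00 +0000] "GET /app/search?%3Cb%3E=1 HTTP/1.1" 200 100',
    # Bare name with no "=value".
    '10.0.0.5 - admin [01/Jan/2008:10:03:00 +0000] "GET /manager/html/upload?%22%3E%3Ci%3E HTTP/1.1" 200 5301',
]

if __name__ == "__main__":
    for number, names in scan(SAMPLE_LOG):
        print(f"line {number}: markup in parameter name(s) {names}")
```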

CVE References