Bugzilla: 238401: CVE-2005-4838 tomcat manager example DoS
The MITRE CVE dictionary describes this issue as:
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
Red Hat security errata
| Platform | Errata | Release date |
|---|---|---|
| Red Hat Application Server 3AS (tomcat5) | RHSA-2007:0340 | May 08, 2007 |
| Red Hat Satellite 5.0 (RHEL v.4 AS) | RHSA-2008:0261 | May 20, 2008 |
| Red Hat Satellite 5.1 (RHEL v.4 AS) | RHSA-2008:0630 | August 13, 2008 |
| Red Hat Satellite v 4.2 (RHEL v.3 AS) | RHSA-2008:0524 | June 30, 2008 |
| Red Hat Satellite v 4.2 (RHEL v.4 AS) | RHSA-2008:0524 | June 30, 2008 |
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.