Oval Definition:	oval:org.mitre.oval:def:10578
Revision Date: 2013-04-29 Version: 12 Title: Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. Description: Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2007-2449 Platform(s): CentOS Linux 5 Oracle Linux 5 Red Hat Enterprise Linux 5 Product(s): Definition Synopsis RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 OR The operating system installed on the system is CentOS Linux 5.x OR Oracle Linux 5.x AND Configuration section tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.1.0.4.el5 OR tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.1.0.4.el5 OR tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.1.0.4.el5 OR tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.1.0.4.el5 OR tomcat5-webapps is earlier than 0:5.5.23-0jpp.1.0.4.el5 OR tomcat5 is earlier than 0:5.5.23-0jpp.1.0.4.el5 OR tomcat5-jasper is earlier than 0:5.5.23-0jpp.1.0.4.el5 OR tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.1.0.4.el5 OR tomcat5-server-lib is earlier than 0:5.5.23-0jpp.1.0.4.el5 OR tomcat5-common-lib is earlier than 0:5.5.23-0jpp.1.0.4.el5 OR tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.1.0.4.el5
BACK