Vulnerability Name:

CVE-2005-4838 (CCN-18790)

Assigned:2005-01-06
Published:2005-01-06
Updated:2023-02-13
Summary:Apache Tomcat is vulnerable to cross-site scripting. A remote authenticated attacker could embed malicious script in a URL request to the Tomcat Manager, which would be executed in the victim's Web browser within the security context of the hosting site, `once the link is clicked.
CVSS v3 Severity:4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.6 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2005-4838

Source: CCN
Type: Apache Tomcat Web site
Apache Jakarta Tomcat

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2007-0340
Important: tomcat security update

Source: CCN
Type: RHSA-2008-0261
Moderate: Red Hat Network Satellite Server security update

Source: CCN
Type: RHSA-2008-0524
Low: Red Hat Network Satellite Server security update

Source: CCN
Type: RHSA-2008-0630
Low: Red Hat Network Satellite Server security update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: SA13737
Apache Tomcat "Tomcat Manager" Cross-Site Scripting

Source: CCN
Type: SECTRACK ID: 1012793
Jakarta Tomcat Manager Input Validation Holes Permit Cross-Site Scripting Attacks

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Oliver Karow Research Web page
Apache Jakarta Tomcat Cross Site Scripting Vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: OSVDB ID: 12721
Apache Tomcat examples/jsp2/el/functions.jsp XSS

Source: CCN
Type: OSVDB ID: 34878
Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS

Source: CCN
Type: OSVDB ID: 34879
Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
tomcat-manager-xss(18790)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:apache:tomcat:5.5.4:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    apache tomcat 5.5.4
    redhat enterprise linux 3
    redhat enterprise linux 4
    redhat linux advanced workstation 2.1
    redhat enterprise linux 5