Bug 430646 (CVE-2006-0254)

Summary: CVE-2006-0254 tomcat examples XSS
Product: [Other] Security Response
Reporter: Mark J. Cox <mjc>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: djorm, fnasser
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0254
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2013-07-03 06:50:12 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Depends On: 178175, 178176, 430730, 430731, 440521, 445320, 449337, 470236, 470237
Bug Blocks: 444136

Description Mark J. Cox 2008-01-29 09:57:13 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2006-0254 to the following vulnerability:

Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.

References:

http://www.securityfocus.com/archive/1/archive/1/421996/100/0/threaded
http://issues.apache.org/jira/browse/GERONIMO-1474
http://www.oliverkarow.de/research/geronimo_css.txt
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create
http://www.securityfocus.com/bid/16260
http://www.frsirt.com/english/advisories/2006/0217
http://secunia.com/advisories/18485
http://xforce.iss.net/xforce/xfdb/24159
http://xforce.iss.net/xforce/xfdb/24158
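The two sinks named in the CVE text (the `time` parameter echoed by cal2.jsp, and attacker-controlled request data that reaches the page through an HTML log viewer) follow one pattern: untrusted text is inserted into HTML without output encoding. The model below is an added illustration written for this page; it is not the code of cal2.jsp, Tomcat or Geronimo, and it does not reproduce the original exploit. The page template, the access-log line format, the context path `/jsp-examples/cal/cal2.jsp`, the client address and the payloads are all constructed for the example; the query string is assumed to be logged as received, without URL decoding or encoding.

```python
"""Constructed model of the two XSS sinks described for CVE-2006-0254.

Neither function pair is the real cal2.jsp or the real Geronimo
Web-Access-Log viewer; they model the flaw (raw interpolation of
untrusted text into HTML) and the standard fix (HTML-encode at the
point where the text is written into the page).
"""
import html
import re
from typing import Dict, List


def render_cal2_vulnerable(params: Dict[str, str]) -> str:
    """Echo the ``time`` request parameter straight into the page.

    This is the reflected-XSS shape: whatever the client sends in
    ``time`` becomes part of the HTML the browser parses.
    """
    time = params.get("time", "")
    return f"<h3>Time {time}</h3>"


def render_cal2_fixed(params: Dict[str, str]) -> str:
    """Same page, with HTML output encoding applied where the value is inserted."""
    time = params.get("time", "")
    return f"<h3>Time {html.escape(time, quote=True)}</h3>"


def access_log_line(method: str, path: str, query: str, status: int) -> str:
    """Build a Common Log Format style line as a container might write it.

    The query string is logged verbatim (assumed: no decoding or encoding),
    so attacker-supplied text lands in the log even when the application
    never read that parameter; that is the "any invalid parameter" vector.
    Timestamp and client address are constructed sample values.
    """
    return (
        f'10.0.0.5 - - [29/Jan/2008:09:57:13 +0000] '
        f'"{method} {path}?{query} HTTP/1.1" {status} 512'
    )


def render_log_vulnerable(lines: List[str]) -> str:
    """Log viewer that drops raw log text into the page (stored XSS via the log)."""
    return "<pre>" + "\n".join(lines) + "</pre>"


def render_log_fixed(lines: List[str]) -> str:
    """Log viewer that encodes each line before rendering it.

    Encoding belongs at render time: the log itself should stay a faithful
    record of what was received, and other consumers (grep, SIEM) do not
    want HTML entities in it.
    """
    return "<pre>" + "\n".join(html.escape(line, quote=True) for line in lines) + "</pre>"


_SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def contains_active_script(markup: str) -> bool:
    """Crude check: does the rendered HTML still contain a live <script> tag?"""
    return _SCRIPT_TAG.search(markup) is not None


def demo() -> Dict[str, bool]:
    """Run both payloads through the vulnerable and fixed renderers."""
    reflected = {"time": "<script>alert(1)</script>"}          # constructed payload
    log_line = access_log_line(
        "GET", "/jsp-examples/cal/cal2.jsp",                    # assumed path
        "bogus=<script>alert(2)</script>", 200,                 # constructed payload
    )
    return {
        "cal2_vulnerable_executes": contains_active_script(render_cal2_vulnerable(reflected)),
        "cal2_fixed_executes": contains_active_script(render_cal2_fixed(reflected)),
        "log_vulnerable_executes": contains_active_script(render_log_vulnerable([log_line])),
        "log_fixed_executes": contains_active_script(render_log_fixed([log_line])),
    }


if __name__ == "__main__":
    for name, executes in demo().items():
        print(f"{name}: {'script survives' if executes else 'neutralised'}")
```

The `contains_active_script` check is deliberately narrow; it only shows that the encoded output no longer contains the tag that the raw output did. A real review would also cover attribute and JavaScript contexts, where `html.escape` alone is not sufficient.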