Red Hat Bugzilla – Bug 178175
CVE-2006-0254 tomcat examples XSS
Last modified: 2008-01-29 04:58:10 EST
A new cross-site scripting flaw has been reported in the tomcat jsp examples as
shipped in tomcat5-webapps in Red Hat Application Server. See
This is fixed in upstream svn.
Marking this as moderate severity as users should not be putting examples into
production environments. I've held off marking it low as the examples ought to
show good practices and our users may copy the bad behaviour.
Note also these issues
Note: We've not looked which of these issues actually affect the tomcat5-webapps
This issue has been fixed upstream with Tomcat version 5.5.12 and the upstream
version is part of errata RHSA-2006:0161.