Bug 238401 - (CVE-2005-4838) CVE-2005-4838 tomcat manager example DoS
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
Keywords: Security
Depends On: 238402 430730 430731 440521 445320 449337 470236 470237
Blocks: 444136
Reported: 2007-04-30 05:55 EDT by Mark J. Cox
Modified: 2013-04-10 17:05 EDT

Doc Type: Bug Fix
Last Closed: 2013-04-10 17:05:23 EDT

External Trackers
Tracker: Red Hat Product Errata
ID: RHSA-2008:0630
Priority: normal
Status: SHIPPED_LIVE
Summary: Low: Red Hat Network Satellite Server security update
Last Updated: 2008-08-13 10:55:17 EDT

Description Mark J. Cox 2007-04-30 05:55:08 EDT
According to http://tomcat.apache.org/security-5.html

"Various JSPs included as part of the JSP examples and the Tomcat Manager are
susceptible to a cross-site scripting attack as they do not escape user provided
data before including it in the returned page."

Affects: 5.0.0-5.0.30, 5.5.0-5.5.6
Comment 4 Vincent Danen 2013-04-10 17:05:23 EDT
This has been corrected in various versions of Satellite:

