[Bug 341278] [NEW] CVE-2009-0781: XSS in tomcat6 and tomcat5.5

Jamie Strandboge jamie at ubuntu.com
Wed Mar 11 18:40:54 GMT 2009


*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: tomcat6

PublicDate: 2009-03-09
References:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781
Description:
 Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the
 calendar application in the examples web application in Apache Tomcat 4.1.0
 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows
 remote attackers to inject arbitrary web script or HTML via the time
 parameter, related to "invalid HTML."

** Affects: tomcat5.5 (Ubuntu)
     Importance: Undecided
         Status: Confirmed

** Affects: tomcat6 (Ubuntu)
     Importance: Undecided
         Status: Confirmed

** Affects: tomcat5.5 (Ubuntu Gutsy)
     Importance: Undecided
         Status: Confirmed

** Affects: tomcat6 (Ubuntu Gutsy)
     Importance: Undecided
         Status: Invalid

** Affects: tomcat5.5 (Ubuntu Hardy)
     Importance: Undecided
         Status: Confirmed

** Affects: tomcat6 (Ubuntu Hardy)
     Importance: Undecided
         Status: Invalid

** Affects: tomcat5.5 (Ubuntu Intrepid)
     Importance: Undecided
         Status: Confirmed

** Affects: tomcat6 (Ubuntu Intrepid)
     Importance: Undecided
         Status: Confirmed

** Affects: tomcat5.5 (Ubuntu Jaunty)
     Importance: Undecided
         Status: Confirmed

** Affects: tomcat6 (Ubuntu Jaunty)
     Importance: Undecided
         Status: Confirmed

** Also affects: tomcat5.5 (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: tomcat6 (Ubuntu Intrepid)
       Status: New => Confirmed

** Changed in: tomcat6 (Ubuntu Jaunty)
       Status: New => Confirmed

** This bug has been flagged as a security issue

** Changed in: tomcat6 (Ubuntu Gutsy)
       Status: New => Invalid

** Changed in: tomcat6 (Ubuntu Hardy)
       Status: New => Invalid

** Changed in: tomcat5.5 (Ubuntu Gutsy)
       Status: New => Confirmed

** Changed in: tomcat5.5 (Ubuntu Hardy)
       Status: New => Confirmed

** Changed in: tomcat5.5 (Ubuntu Intrepid)
       Status: New => Confirmed

** Changed in: tomcat5.5 (Ubuntu Jaunty)
       Status: New => Confirmed

-- 
CVE-2009-0781: XSS in tomcat6 and tomcat5.5
https://bugs.launchpad.net/bugs/341278
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tomcat6 in ubuntu.


