Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities

Bugtraq ID: 45015
Class: Input Validation Error
CVE: CVE-2010-4172
Remote: Yes
Local: No
Published: Nov 22 2010 12:00AM
Updated: Feb 27 2014 01:33PM
Credit: Adam Muntner of Gotham Digital Science
Vulnerable: Ubuntu Ubuntu Linux 9.10 sparc
Ubuntu Ubuntu Linux 9.10 powerpc
Ubuntu Ubuntu Linux 9.10 lpia
Ubuntu Ubuntu Linux 9.10 i386
Ubuntu Ubuntu Linux 9.10 ARM
Ubuntu Ubuntu Linux 9.10 amd64
Ubuntu Ubuntu Linux 10.10 powerpc
Ubuntu Ubuntu Linux 10.10 i386
Ubuntu Ubuntu Linux 10.10 ARM
Ubuntu Ubuntu Linux 10.10 amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
SuSE SUSE Linux Enterprise 11 SP1
SuSE openSUSE 11.3
Sun Solaris 9_x86
Sun Solaris 9_sparc
Sun Solaris 11 Express
Sun Solaris 10_x86
Sun Solaris 10_sparc
S.u.S.E. openSUSE 11.2
RedHat JBoss Enterprise Web Server EL4 0
Red Hat JBoss Enterprise Web Server for Windows 1.0
Red Hat JBoss Enterprise Web Server for Solaris 1.0
Red Hat JBoss Enterprise Web Server for RHEL 6 1.0
Red Hat JBoss Enterprise Web Server for RHEL 5 Server 1.0
Red Hat JBoss Enterprise Web Server for RHEL 4 ES 1.0
Red Hat JBoss Enterprise Web Server for RHEL 4 AS 1.0
Red Hat JBoss Enterprise Web Server 5.0
Red Hat Enterprise Linux Workstation Optional 6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node Optional 6
Red Hat Enterprise Linux Desktop Optional 6
Gentoo Linux
Blue Coat Systems Intelligence Center 3.2.1
Blue Coat Systems Intelligence Center 3.1.2
Blue Coat Systems Intelligence Center 3.1.1
Blue Coat Systems Intelligence Center 2.1.2
Blue Coat Systems Intelligence Center 2.1.1
Blue Coat Systems Intelligence Center 2.1
Blue Coat Systems Intelligence Center 2.0.1
Blue Coat Systems Intelligence Center 2.0
Blue Coat Systems Intelligence Center 3.2
Blue Coat Systems Intelligence Center 3.1
Avaya Voice Portal 5.1.2
Avaya Voice Portal 5.1.1
Avaya Voice Portal 5.1 SP1
Avaya Voice Portal 5.1
Avaya Voice Portal 5.1
Avaya Voice Portal 5.0 SP2
Avaya Voice Portal 5.0 SP1
Avaya Voice Portal 5.0
Avaya IP Office Application Server 8.0
Avaya IP Office Application Server 7.0
Avaya IP Office Application Server 6.1
Avaya IP Office Application Server 6.0
Avaya Interactive Response 4.0
Avaya Interactive Response 3.0
Avaya Aura System Manager 6.1
Avaya Aura System Manager 6.0
Avaya Aura System Manager 5.2
Avaya Aura Session Manager 6.1
Avaya Aura Session Manager 6.0
Avaya Aura Session Manager 5.2
Avaya Aura Session Manager 1.1
Avaya Aura Presence Services 6.1
Avaya Aura Presence Services 6.0
Avaya Aura Presence Services 5.2
Avaya Aura Messaging 6.0.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Messaging 6.0
Avaya Aura Communication Manager Utility Services 6.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Communication Manager Utility Services 6.0
Avaya Aura Communication Manager 6.0.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Communication Manager 6.0
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Application Enablement Services 5.2.1
Avaya Aura Application Enablement Services 6.1.1
Avaya Aura Application Enablement Services 6.1
Avaya Aura Application Enablement Services 5.2.3
Avaya Aura Application Enablement Services 5.2.2
Avaya Aura Application Enablement Services 5.2
Apple Mac OS X Server 10.6.6
Apple Mac OS X Server 10.6.5
Apple Mac OS X Server 10.6.5
Apple Mac OS X Server 10.6.4
Apple Mac OS X Server 10.6.3
Apple Mac OS X Server 10.6.2
Apple Mac OS X Server 10.6.1
Apple Mac Os X Server 10.6.8
Apple Mac Os X Server 10.6.7
Apple Mac OS X Server 10.6
Apple Mac OS X 10.6.5
Apple Mac OS X 10.6.4
Apple Mac OS X 10.6.3
Apple Mac OS X 10.6.2
Apple Mac OS X 10.6.1
Apple Mac OS X 10.6
Apache Software Foundation Tomcat 7.0.4
Apache Software Foundation Tomcat 7.0.3
Apache Software Foundation Tomcat 7.0.2
Apache Software Foundation Tomcat 7.0.1
Apache Software Foundation Tomcat 6.0.29
Apache Software Foundation Tomcat 6.0.28
Apache Software Foundation Tomcat 6.0.27
Apache Software Foundation Tomcat 6.0.26
Apache Software Foundation Tomcat 6.0.25
Apache Software Foundation Tomcat 6.0.24
Apache Software Foundation Tomcat 6.0.20
Apache Software Foundation Tomcat 6.0.18
Apache Software Foundation Tomcat 6.0.16
Apache Software Foundation Tomcat 6.0.15
Apache Software Foundation Tomcat 6.0.14
Apache Software Foundation Tomcat 6.0.13
Apache Software Foundation Tomcat 6.0.12
Apache Software Foundation Tomcat 7.0
Apache Software Foundation Geronimo 2.1.7
Apache Software Foundation Geronimo 2.1.6
Apache Software Foundation Geronimo 2.1.5
Apache Software Foundation Geronimo 2.1.4
Apache Software Foundation Geronimo 2.1.3
Apache Software Foundation Geronimo 2.1.2
Apache Software Foundation Geronimo 2.1.1
Apache Software Foundation Geronimo 2.0.2
Apache Software Foundation Geronimo 2.0.1
Apache Software Foundation Geronimo 1.1.1
Apache Software Foundation Geronimo 1.1
Apache Software Foundation Geronimo 1.0.1
Apache Software Foundation Geronimo 1.0
Apache Software Foundation Geronimo 2.1
Apache Software Foundation Geronimo 2.0
Apache Software Foundation Geronimo 1.2
Apache Software Foundation Geronimo 1.1
Apache Software Foundation Geronimo 1.0
Not Vulnerable: Red Hat JBoss Enterprise Web Server for Windows 1.0.2
Red Hat JBoss Enterprise Web Server for Solaris 1.0.2
Red Hat JBoss Enterprise Web Server for RHEL 6 1.0.2
Red Hat JBoss Enterprise Web Server for RHEL 5 Server 1.0.2
Red Hat JBoss Enterprise Web Server for RHEL 4 ES 1.0.2
Red Hat JBoss Enterprise Web Server for RHEL 4 AS 1.0.2
Blue Coat Systems Intelligence Center 3.2.2.1
Apache Software Foundation Tomcat 7.0.5
Apache Software Foundation Tomcat 6.0.30
Apache Software Foundation Geronimo 2.1.8


 

Privacy Statement
Copyright 2010, SecurityFocus