*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: tomcat6

PublicDate: 2009-03-09
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781

Description:
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

** Affects: tomcat5.5 (Ubuntu)
     Importance: Undecided
         Status: Confirmed

** Affects: tomcat6 (Ubuntu)
     Importance: Undecided
         Status: Confirmed

** Affects: tomcat5.5 (Ubuntu Gutsy)
     Importance: Undecided
         Status: Confirmed

** Affects: tomcat6 (Ubuntu Gutsy)
     Importance: Undecided
         Status: Invalid

** Affects: tomcat5.5 (Ubuntu Hardy)
     Importance: Undecided
         Status: Confirmed

** Affects: tomcat6 (Ubuntu Hardy)
     Importance: Undecided
         Status: Invalid

** Affects: tomcat5.5 (Ubuntu Intrepid)
     Importance: Undecided
         Status: Confirmed

** Affects: tomcat6 (Ubuntu Intrepid)
     Importance: Undecided
         Status: Confirmed

** Affects: tomcat5.5 (Ubuntu Jaunty)
     Importance: Undecided
         Status: Confirmed

** Affects: tomcat6 (Ubuntu Jaunty)
     Importance: Undecided
         Status: Confirmed

** Also affects: tomcat5.5 (Ubuntu)
     Importance: Undecided
         Status: New

** Changed in: tomcat6 (Ubuntu Intrepid)
         Status: New => Confirmed

** Changed in: tomcat6 (Ubuntu Jaunty)
         Status: New => Confirmed

** This bug has been flagged as a security issue

** Changed in: tomcat6 (Ubuntu Gutsy)
         Status: New => Invalid

** Changed in: tomcat6 (Ubuntu Hardy)
         Status: New => Invalid

** Changed in: tomcat5.5 (Ubuntu Gutsy)
         Status: New => Confirmed

** Changed in: tomcat5.5 (Ubuntu Hardy)
         Status: New => Confirmed

** Changed in: tomcat5.5 (Ubuntu Intrepid)
         Status: New => Confirmed

** Changed in: tomcat5.5 (Ubuntu Jaunty)
         Status: New => Confirmed

--
CVE-2009-0781: XSS in tomcat6 and tomcat5.5
https://bugs.launchpad.net/bugs/341278
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu.