Launchpad CVE tracker

CVE 2006-7196

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.securityfoc...
MISC: http://www.securityfoc...
MISC: http://www.securityfoc...
MISC: http://www.securityfoc...
MISC: http://www.securityfoc...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://osvdb.org/34888
MISC: http://www.vupen.com/e...
MISC: http://www.vupen.com/e...
MISC: http://www.redhat.com/...
MISC: http://lists.opensuse....
MISC: https://lists.apache.o...
MISC: https://lists.apache.o...
MISC: https://lists.apache.o...
MISC: http://community.ca.co...
MISC: http://support.avaya.c...
MISC: http://support.ca.com/...
MISC: http://tomcat.apache.o...
MISC: http://tomcat.apache.o...

Launchpad.net

CVE 2006-7196

Related bugs

References