Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ; character, as demonstrated by a URI containing a snp/snoop.jsp; sequence.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tomcat | Apache | * | 4.1.36 (including) |
Tomcat | Apache | 4.0.0 (including) | 4.0.0 (including) |
Tomcat | Apache | 4.0.1 (including) | 4.0.1 (including) |
Tomcat | Apache | 4.0.2 (including) | 4.0.2 (including) |
Tomcat | Apache | 4.0.3 (including) | 4.0.3 (including) |
Tomcat | Apache | 4.0.4 (including) | 4.0.4 (including) |
Tomcat | Apache | 4.0.5 (including) | 4.0.5 (including) |
Tomcat | Apache | 5.0.0 (including) | 5.0.0 (including) |
Tomcat | Apache | 5.0.1 (including) | 5.0.1 (including) |
Tomcat | Apache | 5.0.2 (including) | 5.0.2 (including) |
Tomcat | Apache | 5.0.3 (including) | 5.0.3 (including) |
Tomcat | Apache | 5.0.4 (including) | 5.0.4 (including) |
Tomcat | Apache | 5.0.5 (including) | 5.0.5 (including) |
Tomcat | Apache | 5.0.6 (including) | 5.0.6 (including) |
Tomcat | Apache | 5.0.7 (including) | 5.0.7 (including) |
Tomcat | Apache | 5.0.8 (including) | 5.0.8 (including) |
Tomcat | Apache | 5.0.9 (including) | 5.0.9 (including) |
Tomcat | Apache | 5.0.10 (including) | 5.0.10 (including) |
Tomcat | Apache | 5.0.11 (including) | 5.0.11 (including) |
Tomcat | Apache | 5.0.12 (including) | 5.0.12 (including) |
Tomcat | Apache | 5.0.13 (including) | 5.0.13 (including) |
Tomcat | Apache | 5.0.14 (including) | 5.0.14 (including) |
Tomcat | Apache | 5.0.15 (including) | 5.0.15 (including) |
Tomcat | Apache | 5.0.16 (including) | 5.0.16 (including) |
Tomcat | Apache | 5.0.17 (including) | 5.0.17 (including) |
Tomcat | Apache | 5.0.18 (including) | 5.0.18 (including) |
Tomcat | Apache | 5.0.19 (including) | 5.0.19 (including) |
Tomcat | Apache | 5.0.21 (including) | 5.0.21 (including) |
Tomcat | Apache | 5.0.22 (including) | 5.0.22 (including) |
Tomcat | Apache | 5.0.23 (including) | 5.0.23 (including) |
Tomcat | Apache | 5.0.24 (including) | 5.0.24 (including) |
Tomcat | Apache | 5.0.25 (including) | 5.0.25 (including) |
Tomcat | Apache | 5.0.26 (including) | 5.0.26 (including) |
Tomcat | Apache | 5.0.27 (including) | 5.0.27 (including) |
Tomcat | Apache | 5.0.28 (including) | 5.0.28 (including) |
Tomcat | Apache | 5.0.29 (including) | 5.0.29 (including) |
Tomcat | Apache | 5.0.30 (including) | 5.0.30 (including) |
Tomcat | Apache | 5.5.0 (including) | 5.5.0 (including) |
Tomcat | Apache | 5.5.1 (including) | 5.5.1 (including) |
Tomcat | Apache | 5.5.2 (including) | 5.5.2 (including) |
Tomcat | Apache | 5.5.3 (including) | 5.5.3 (including) |
Tomcat | Apache | 5.5.4 (including) | 5.5.4 (including) |
Tomcat | Apache | 5.5.5 (including) | 5.5.5 (including) |
Tomcat | Apache | 5.5.6 (including) | 5.5.6 (including) |
Tomcat | Apache | 5.5.7 (including) | 5.5.7 (including) |
Tomcat | Apache | 5.5.8 (including) | 5.5.8 (including) |
Tomcat | Apache | 5.5.9 (including) | 5.5.9 (including) |
Tomcat | Apache | 5.5.10 (including) | 5.5.10 (including) |
Tomcat | Apache | 5.5.11 (including) | 5.5.11 (including) |
Tomcat | Apache | 5.5.12 (including) | 5.5.12 (including) |
Tomcat | Apache | 5.5.13 (including) | 5.5.13 (including) |
Tomcat | Apache | 5.5.14 (including) | 5.5.14 (including) |
Tomcat | Apache | 5.5.15 (including) | 5.5.15 (including) |
Tomcat | Apache | 5.5.16 (including) | 5.5.16 (including) |
Tomcat | Apache | 5.5.17 (including) | 5.5.17 (including) |
Tomcat | Apache | 5.5.18 (including) | 5.5.18 (including) |
Tomcat | Apache | 5.5.19 (including) | 5.5.19 (including) |
Tomcat | Apache | 5.5.20 (including) | 5.5.20 (including) |
Tomcat | Apache | 5.5.21 (including) | 5.5.21 (including) |
Tomcat | Apache | 5.5.22 (including) | 5.5.22 (including) |
Tomcat | Apache | 6.0.0 (including) | 6.0.0 (including) |
Tomcat | Apache | 6.0.1 (including) | 6.0.1 (including) |
Tomcat | Apache | 6.0.2 (including) | 6.0.2 (including) |
Tomcat | Apache | 6.0.3 (including) | 6.0.3 (including) |
Tomcat | Apache | 6.0.4 (including) | 6.0.4 (including) |
Tomcat | Apache | 6.0.5 (including) | 6.0.5 (including) |
Tomcat | Apache | 6.0.6 (including) | 6.0.6 (including) |
Tomcat | Apache | 6.0.7 (including) | 6.0.7 (including) |
Tomcat | Apache | 6.0.8 (including) | 6.0.8 (including) |
Tomcat | Apache | 6.0.10 (including) | 6.0.10 (including) |
Tomcat | Apache | 6.0.11 (including) | 6.0.11 (including) |
Tomcat | Apache | 6.0.12 (including) | 6.0.12 (including) |
Tomcat | Apache | 6.0.13 (including) | 6.0.13 (including) |