FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  374826
Date:      2014-12-16
Time:      22:06:31Z
Committer: cs

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
26a08c77-32da-4dd7-a884-a76fc49aa824  tomcat -- Tomcat Manager cross-site scripting

Oliver Karow discovered cross-site scripting issues in the Apache Jakarta Tomcat manager. The developers refer to the issues as minor.


Discovery 2005-01-03
Entry 2005-06-01
Modified 2006-09-12
jakarta-tomcat
ge 5.0.* lt 5.0.30_5

ge 5.5.* lt 5.5.7

http://www.oliverkarow.de/research/jakarta556_xss.txt
http://www.mail-archive.com/tomcat-dev@jakarta.apache.org/msg66978.html
872623af-39ec-11dc-b8cc-000fea449b8a  tomcat -- multiple vulnerabilities

Apache Project reports:

The Apache Tomcat team is proud to announce the immediate availability of Tomcat 4.1.36 stable. This build contains numerous library updates, a small number of bug fixes and two important security fixes.


Discovery 2007-04-27
Entry 2007-07-24
apache-tomcat
ge 4.1.0 lt 4.1.36

gt 6.0.0 lt 6.0.11

tomcat
gt 5.0.0 lt 5.5.23

jakarta-tomcat
ge 4.0.0 lt 4.1.0

gt 5.0.0 lt 5.5.23

CVE-2005-2090
CVE-2007-0450
CVE-2007-1358
ab2575d6-39f0-11dc-b8cc-000fea449b8a  tomcat -- XSS vulnerability in sample applications

The Apache Project reports:

The JSP and Servlet included in the sample application within the Tomcat documentation webapp did not escape user-provided data before including it in the output. This enabled an XSS attack. These pages have been simplified not to use any user-provided data in the output.


Discovery 2007-05-19
Entry 2007-07-24
apache-tomcat
gt 6.0.0 lt 6.0.11

tomcat
gt 5.0.0 lt 5.5.24

jakarta-tomcat
gt 5.0.0 lt 5.5.24

CVE-2007-1355
24058