FreeBSD Bugzilla – Attachment 235894 Details for Bug 265821
www/tomcat{85,9,10,-devel}: Update to 8.5.82, 9.0.65, 10.0.23, 10.1.0-M17 (CVE-2022-34305 - a low severity XSS vulnerability in the Form authentication example)
vuxml.diff (text/plain), 1.81 KB, created by Nuno Teixeira on 2022-08-13 22:45:18 UTC
>diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml >index 98f59a598022..acae5b0b4102 100644 >--- a/security/vuxml/vuln-2022.xml >+++ b/security/vuxml/vuln-2022.xml >@@ -1,3 +1,48 @@ >+ <vuln vid="e2e7faf9-1b51-11ed-ae46-002b67dfc673"> >+ <topic>Tomcat -- XSS in examples web application</topic> >+ <affects> >+ <package> >+ <name>tomcat</name> >+ <range><ge>8.5.50</ge><lt>8.5.81</lt></range> >+ <range><ge>9.0.30</ge><lt>9.0.64</lt></range> >+ <range><ge>10.0.0-M1</ge><lt>10.0.22</lt></range> >+ <range><ge>10.1.0-M1</ge><lt>10.1.0-M16</lt></range> >+ </package> >+ <package> >+ <name>tomcat85</name> >+ <range><ge>8.5.50</ge><lt>8.5.81</lt></range> >+ </package> >+ <package> >+ <name>tomcat9</name> >+ <range><ge>9.0.30</ge><lt>9.0.64</lt></range> >+ </package> >+ <package> >+ <name>tomcat10</name> >+ <range><ge>10.0.0-M1</ge><lt>10.0.22</lt></range> >+ </package> >+ <package> >+ <name>tomcat-devel</name> >+ <range><ge>10.1.0-M1</ge><lt>10.1.0-M16</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Apache Tomcat reports:</p> >+ <blockquote cite="https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k"> >+ <p>The Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2022-34305</cvename> >+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305</url> >+ </references> >+ <dates> >+ <discovery>2022-06-22</discovery> >+ <entry>2022-08-13</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="75c073cc-1a1d-11ed-bea0-48ee0c739857"> > <topic>XFCE tumbler -- Vulnerability in the GStreamer plugin</topic> > <affects>
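Review bot: The upper bounds in every `<range>` of the new `e2e7faf9-1b51-11ed-ae46-002b67dfc673` entry look one release too low. The bug title names 8.5.82, 9.0.65, 10.0.23 and 10.1.0-M17 as the updates that address CVE-2022-34305, but the entry uses `<lt>8.5.81</lt>`, `<lt>9.0.64</lt>`, `<lt>10.0.22</lt>` and `<lt>10.1.0-M16</lt>`. Because `<lt>` is exclusive, installed versions 8.5.81, 9.0.64, 10.0.22 and 10.1.0-M16 would not be flagged by this entry. Please check the ranges against the Apache announcement cited in the `<blockquote>` and, if those releases are affected, bound each range with `<lt>` on the fixed version (for example `<lt>8.5.82</lt>`) in both the generic `tomcat` package and the per-branch packages. A smaller point on `<references>`: the only `<url>` repeats what `<cvename>` already identifies, so adding the lists.apache.org thread from the `cite` attribute as a `<url>` would give readers the vendor advisory directly.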
Flags: riggs: maintainer-approval+
Attachments on bug 265821: 235883 | 235884 | 235885 | 235886 | 235894