CVE-2009-0781 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-0781 Interim 1 11 2023-02-15T02:47:16Z current 2021-05-30T12:46:08Z 2023-02-15T02:47:16Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-0781 Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html E-Mail link for SUSE-SR:2009:012 https://lists.opensuse.org/opensuse-security-announce/2009-08/msg00005.html E-Mail link for SUSE-SR:2009:013 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3 LTSS SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11 SP4-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 11 tomcat tomcat-admin-webapps tomcat-docs-webapp tomcat-el-3_0-api tomcat-javadoc tomcat-jsp-2_3-api tomcat-lib tomcat-servlet-3_1-api tomcat-webapps tomcat6 tomcat6-6.0.18-20.35.36.1 tomcat6-6.0.18-20.35.40.1 tomcat6-6.0.41-0.43.1 tomcat6-admin-webapps tomcat6-admin-webapps-6.0.18-20.35.36.1 tomcat6-admin-webapps-6.0.18-20.35.40.1 tomcat6-admin-webapps-6.0.41-0.43.1 tomcat6-docs-webapp tomcat6-docs-webapp-6.0.18-20.35.36.1 tomcat6-docs-webapp-6.0.18-20.35.40.1 tomcat6-docs-webapp-6.0.41-0.43.1 tomcat6-javadoc tomcat6-javadoc-6.0.18-20.35.36.1 tomcat6-javadoc-6.0.18-20.35.40.1 tomcat6-javadoc-6.0.41-0.43.1 tomcat6-jsp-2_1-api tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 tomcat6-jsp-2_1-api-6.0.41-0.43.1 tomcat6-lib tomcat6-lib-6.0.18-20.35.36.1 tomcat6-lib-6.0.18-20.35.40.1 tomcat6-lib-6.0.41-0.43.1 tomcat6-servlet-2_5-api tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 tomcat6-servlet-2_5-api-6.0.41-0.43.1 tomcat6-webapps tomcat6-webapps-6.0.18-20.35.36.1 tomcat6-webapps-6.0.18-20.35.40.1 tomcat6-webapps-6.0.41-0.43.1 websphere-as_ce-2.1.1.2-2.2 websphere-as_ce-2.1.1.2-2.2 as a component of SUSE Linux Enterprise Server 11 tomcat6-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-admin-webapps-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-docs-webapp-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-javadoc-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-lib-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-webapps-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-admin-webapps-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-docs-webapp-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-javadoc-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-lib-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-webapps-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-admin-webapps-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-docs-webapp-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-javadoc-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-jsp-2_1-api-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-lib-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-servlet-2_5-api-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-webapps-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 websphere-as_ce-2.1.1.2-2.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 tomcat6 as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata tomcat6 as a component of SUSE Linux Enterprise Server 11 SP3 LTSS tomcat6 as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata tomcat6 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-admin-webapps as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-docs-webapp as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-javadoc as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-jsp-2_1-api as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-lib as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-servlet-2_5-api as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-webapps as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-admin-webapps as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-docs-webapp as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-el-3_0-api as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-javadoc as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-jsp-2_3-api as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-lib as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-servlet-3_1-api as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-webapps as a component of SUSE Linux Enterprise Server 12 SP2 tomcat as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-admin-webapps as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-docs-webapp as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-el-3_0-api as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-javadoc as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-jsp-2_3-api as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-lib as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-servlet-3_1-api as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-webapps as a component of SUSE Linux Enterprise Server 12 SP3 Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." CVE-2009-0781 SUSE Linux Enterprise Server 11:websphere-as_ce-2.1.1.2-2.2 SUSE Linux Enterprise Server 11 SP2:tomcat6-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-admin-webapps-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-docs-webapp-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-javadoc-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-lib-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-webapps-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-admin-webapps-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-docs-webapp-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-javadoc-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-jsp-2_1-api-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-lib-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-servlet-2_5-api-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-webapps-6.0.41-0.43.1 SUSE Linux Enterprise Server for SAP Applications 11:websphere-as_ce-2.1.1.2-2.2 SUSE Linux Enterprise Server 11 SP1 for Teradata:tomcat6 SUSE Linux Enterprise Server 11 SP3 LTSS:tomcat6 SUSE Linux Enterprise Server 11 SP3 for Teradata:tomcat6 SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6 SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-admin-webapps SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-docs-webapp SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-javadoc SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-jsp-2_1-api SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-lib SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-servlet-2_5-api SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-webapps SUSE Linux Enterprise Server 12 SP2:tomcat SUSE Linux Enterprise Server 12 SP2:tomcat-admin-webapps SUSE Linux Enterprise Server 12 SP2:tomcat-docs-webapp SUSE Linux Enterprise Server 12 SP2:tomcat-el-3_0-api SUSE Linux Enterprise Server 12 SP2:tomcat-javadoc SUSE Linux Enterprise Server 12 SP2:tomcat-jsp-2_3-api SUSE Linux Enterprise Server 12 SP2:tomcat-lib SUSE Linux Enterprise Server 12 SP2:tomcat-servlet-3_1-api SUSE Linux Enterprise Server 12 SP2:tomcat-webapps SUSE Linux Enterprise Server 12 SP3:tomcat SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api SUSE Linux Enterprise Server 12 SP3:tomcat-lib SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api SUSE Linux Enterprise Server 12 SP3:tomcat-webapps moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N