CVE-2008-1947

MEDIUM

Description

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

References

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://marc.info/?l=bugtraq&m=123376588623823&w=2

http://marc.info/?l=bugtraq&m=139344343412337&w=2

http://marc.info/?l=tomcat-user&m=121244319501278&w=2

http://secunia.com/advisories/30500

http://secunia.com/advisories/30592

http://secunia.com/advisories/30967

http://secunia.com/advisories/31639

http://secunia.com/advisories/31865

http://secunia.com/advisories/31891

http://secunia.com/advisories/32120

http://secunia.com/advisories/32222

http://secunia.com/advisories/32266

http://secunia.com/advisories/33797

http://secunia.com/advisories/33999

http://secunia.com/advisories/34013

http://secunia.com/advisories/37460

http://secunia.com/advisories/57126

http://support.apple.com/kb/HT3216

http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm

http://tomcat.apache.org/security-5.html

http://tomcat.apache.org/security-6.html

http://www.debian.org/security/2008/dsa-1593

http://www.mandriva.com/security/advisories?name=MDVSA-2008:188

http://www.redhat.com/support/errata/RHSA-2008-0648.html

http://www.redhat.com/support/errata/RHSA-2008-0862.html

http://www.redhat.com/support/errata/RHSA-2008-0864.html

http://www.securityfocus.com/archive/1/492958/100/0/threaded

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/bid/29502

http://www.securityfocus.com/bid/31681

http://www.securitytracker.com/id?1020624

http://www.vmware.com/security/advisories/VMSA-2009-0002.html

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2008/1725

http://www.vupen.com/english/advisories/2008/2780

http://www.vupen.com/english/advisories/2008/2823

http://www.vupen.com/english/advisories/2009/0320

http://www.vupen.com/english/advisories/2009/0503

http://www.vupen.com/english/advisories/2009/3316

https://exchange.xforce.ibmcloud.com/vulnerabilities/42816

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html

Details

Source: MITRE

Published: 2008-06-04

Updated: 2019-03-25

Type: CWE-79

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM