CVE-2008-1947

Date: (C)2008-06-04   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1020624
http://www.securityfocus.com/archive/1/492958/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
BID-29502
SECUNIA-30500
SECUNIA-30592
SECUNIA-30967
SECUNIA-31639
BID-31681
SECUNIA-31865
SECUNIA-31891
SECUNIA-32120
SECUNIA-32222
SECUNIA-32266
SECUNIA-33797
SECUNIA-33999
SECUNIA-34013
SECUNIA-37460
SECUNIA-57126
ADV-2008-1725
ADV-2008-2780
ADV-2008-2823
ADV-2009-0320
ADV-2009-0503
ADV-2009-3316
APPLE-SA-2008-10-09
DSA-1593
FEDORA-2008-7977
FEDORA-2008-8113
FEDORA-2008-8130
HPSBST02955
HPSBUX02401
MDVSA-2008:188
RHSA-2008:0648
RHSA-2008:0862
RHSA-2008:0864
SUSE-SR:2008:014
SUSE-SR:2009:004
http://marc.info/?l=tomcat-user&m=121244319501278&w=2
apache-tomcat-hostmanager-xss(42816)
http://support.apple.com/kb/HT3216
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.vmware.com/security/advisories/VMSA-2009-0002.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
oval:org.mitre.oval:def:11534
oval:org.mitre.oval:def:6009

CWE    1
CWE-79
OVAL    3
oval:org.mitre.oval:def:8361
oval:org.secpod.oval:def:20819
oval:org.secpod.oval:def:301557

© SecPod Technologies