CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score
Confidence: High

EPSS
Percentile: 94.9%

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.