AI Score: 5.7 Medium (Confidence: High)
CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 0.118 Low (Percentile: 95.2%)
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
marc.info/?l=bugtraq&m=123376588623823&w=2
marc.info/?l=bugtraq&m=139344343412337&w=2
marc.info/?l=tomcat-user&m=121244319501278&w=2
support.apple.com/kb/HT3216
support.avaya.com/elmodocs2/security/ASA-2008-401.htm
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
www.debian.org/security/2008/dsa-1593
www.mandriva.com/security/advisories?name=MDVSA-2008:188
www.redhat.com/support/errata/RHSA-2008-0648.html
www.redhat.com/support/errata/RHSA-2008-0862.html
www.redhat.com/support/errata/RHSA-2008-0864.html
www.vmware.com/security/advisories/VMSA-2009-0002.html
www.vmware.com/security/advisories/VMSA-2009-0016.html
access.redhat.com/errata/RHSA-2008:0648
access.redhat.com/errata/RHSA-2008:0862
access.redhat.com/errata/RHSA-2008:0864
access.redhat.com/errata/RHSA-2008:1007
access.redhat.com/security/cve/CVE-2008-1947
bugzilla.redhat.com/show_bug.cgi?id=446393
exchange.xforce.ibmcloud.com/vulnerabilities/42816
github.com/apache/tomcat
github.com/apache/tomcat/commit/49c71fc59c1b8f8da77aea9eb53e61db168aebab
github.com/apache/tomcat/commit/5f00d434c8dc11bd49ce0b4b56fe889839056030
github.com/apache/tomcat/commit/78ad0fcbe29c824f1f2e45a4e2716247b033250a
github.com/apache/tomcat/commit/ab6a6c41ac972c845717c9d639f0335865afab4d
lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
nvd.nist.gov/vuln/detail/CVE-2008-1947
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009
web.archive.org/web/20200514224656/www.securityfocus.com/archive/1/507985/100/0/threaded
web.archive.org/web/20201208011750/www.securityfocus.com/archive/1/492958/100/0/threaded
www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html