PRIOn knowledge basePRION:CVE-2008-1947Cross site scripting
5.7 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.118 Low
EPSS
Percentile
95.2%
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
References
lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
secunia.com/advisories/30500
secunia.com/advisories/30592
secunia.com/advisories/30967
secunia.com/advisories/31639
secunia.com/advisories/31865
secunia.com/advisories/31891
secunia.com/advisories/32120
secunia.com/advisories/32222
secunia.com/advisories/32266
secunia.com/advisories/33797
secunia.com/advisories/33999
secunia.com/advisories/34013
secunia.com/advisories/37460
secunia.com/advisories/57126
support.apple.com/kb/HT3216
support.avaya.com/elmodocs2/security/ASA-2008-401.htm
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
www.debian.org/security/2008/dsa-1593
www.mandriva.com/security/advisories?name=MDVSA-2008:188
www.redhat.com/support/errata/RHSA-2008-0648.html
www.redhat.com/support/errata/RHSA-2008-0862.html
www.redhat.com/support/errata/RHSA-2008-0864.html
www.securityfocus.com/archive/1/492958/100/0/threaded
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/bid/29502
www.securityfocus.com/bid/31681
www.securitytracker.com/id?1020624
www.vmware.com/security/advisories/VMSA-2009-0002.html
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2008/1725
www.vupen.com/english/advisories/2008/2780
www.vupen.com/english/advisories/2008/2823
www.vupen.com/english/advisories/2009/0320
www.vupen.com/english/advisories/2009/0503
www.vupen.com/english/advisories/2009/3316
exchange.xforce.ibmcloud.com/vulnerabilities/42816
lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
marc.info/?l=bugtraq&m=123376588623823&w=2
marc.info/?l=bugtraq&m=139344343412337&w=2
marc.info/?l=tomcat-user&m=121244319501278&w=2
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009
www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
Related
5.7 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.118 Low
EPSS
Percentile
95.2%