PT-2008-3473 · Apache +2 · Apache Tomcat +2

🗓️ 04 Jun 2008 00:00:00Reported by Positive TechnologiesType

XSS in Host Manager add endpoint affects Tomcat 5.5.9–5.5.26 and 6.0.0–6.0.16; update to safer versions.

Reporter	Title	Published	Views	Family All 479
0day.today	Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability	11 Aug 200800:00	–	zdt
0day.today	ToutVirtual VirtualIQ Pro 3.2 Multiple Vulnerabilities	7 Nov 200900:00	–	zdt
FreeBSD	php -- multiple vulnerabilities	4 Dec 200800:00	–	freebsd
FreeBSD	apache -- multiple vulnerabilities	14 Jun 200800:00	–	freebsd
FreeBSD	apache -- Cross-site scripting vulnerability	25 Jul 200800:00	–	freebsd
IBM Security Bulletins	Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries	26 Mar 202503:33	–	ibm
Gitee	Exploit for CVE-2007-6750	27 Jul 202503:38	–	gitee
Tenable Nessus	Apache < 2.2.8 Multiple Vulnerabilities	20 Feb 200800:00	–	nessus
Tenable Nessus	Apache < 2.2.9 Multiple Vulnerabilities	18 Aug 200400:00	–	nessus
Tenable Nessus	Apache Tomcat 4.1.x < 4.1.39 / 5.5.x < 5.5.27 / 6.0.x < 6.0.18 Multiple Vulnerabilities	5 Aug 200800:00	–	nessus

Source	Link
github	www.github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/tomcat_utf8_traversal.rb
github	www.github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/trendmicro_dlp_traversal.rb
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
lists	www.lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
redhat	www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
redhat	www.redhat.com/support/errata/RHSA-2008-0648.html
lists	www.lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

13 Feb 2023 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 45.3

CVSS 27.5

EPSS0.92704