Lucene search
K

15 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:32 p.m.58 views

K9108: Apache Tomcat Cross-site scripting (XSS) vulnerability - CVE-2008-1232

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

4.3CVSS4.4AI score0.75865EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.36 views

Oracle Linux 5 : tomcat (ELSA-2008-0648)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2008-0648 advisory. - add patch for CVE-2008-1232 Resolves: rhbz457727 - add patch for CVE-2008-1947 Resolves: rhbz449916 - add patch for CVE-2008-2370 Resolves: rhbz45863...

5CVSS6.3AI score0.99708EPSS
Exploits27References5
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.65 views

Scientific Linux Security Update : tomcat on SL5.x i386/x86_64

A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. CVE-2008-1232 An additional cross-site scripting vulnerability was discovered in the host manager application. A...

5CVSS6.1AI score0.99708EPSS
Exploits27References5
Tenable Nessus
Tenable Nessus
added 2010/01/10 12:0 a.m.52 views

RHEL 4 : tomcat in Satellite Server (RHSA-2008:1007)

Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the Tomcat component shipped a...

5CVSS6.1AI score0.99708EPSS
Exploits29References12
OpenVAS
OpenVAS
added 2009/10/13 12:0 a.m.43 views

SLES10: Security update for Websphere Community Edition

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: websphere-asce More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the references. SPDX-FileCopyrightText:...

7.5CVSS5.5AI score0.99708EPSS
Exploits39References1
securityvulns
securityvulns
added 2009/08/08 12:0 a.m.95 views

ZDI-09-052: CA Unicenter Software Delivery dtscore.dll Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-052 August 7, 2009 -- Affected Vendors: Computer Associates -- Affected Products: Computer Associates Unicenter S

CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management Issued: August 6, 2009 CA's technical support is alerting customers to a security risk with Unicenter Asset Portfolio Management, Unicenter Desktop and Serv...

4.3CVSS7.2AI score0.75865EPSS
Exploits2
VMware
VMware
added 2009/02/23 12:0 a.m.40 views

VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27

a. Update for VirtualCenter and ESX patch update Apache Tomcat version to 5.5.27Update for VirtualCenter and ESX patch update the Tomcat package to version 5.5.27 which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposur...

5CVSS3AI score0.75865EPSS
Exploits5References4Affected Software3
OpenVAS
OpenVAS
added 2009/02/17 12:0 a.m.29 views

Fedora Update for tomcat5 FEDORA-2008-8113

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5CVSS7.7AI score0.99708EPSS
Exploits27References2
RedHat Linux
RedHat Linux
added 2008/12/08 9:2 a.m.61 views

Low: Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server

Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the Tomcat component shipped a...

5CVSS6.6AI score0.99708EPSS
Exploits29References7
Apache Tomcat
Apache Tomcat
added 2008/09/08 12:0 a.m.55 views

Fixed in Apache Tomcat 5.5.27

Low: Cross-site scripting CVE-2008-1232 The message argument of HttpServletResponse.sendError call is not only displayed on the error page, but is also used for the reason-phrase of HTTP response. This may include characters that are illegal in HTTP headers. It is possible for a specially crafted...

5CVSS7.5AI score0.75865EPSS
Exploits5Affected Software1
F5 Networks
F5 Networks
added 2008/09/01 12:0 a.m.54 views

SOL9108 - Apache Tomcat Cross-site scripting (XSS) vulnerability - CVE-2008-1232

A cross-site scripting XSS vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML through a crafted string that is used in the message argument to the HttpServletResponse.sendError method...

4.3CVSS6.6AI score0.75865EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2008/08/27 5:13 p.m.54 views

Important: Red Hat Security Advisory: tomcat security update

Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP...

5CVSS6.6AI score0.99708EPSS
Exploits27References5
Oracle linux
Oracle linux
added 2008/08/27 12:0 a.m.53 views

tomcat security update

5.5.23-0jpp.7.el52.1 - add patch for CVE-2008-1232 Resolves: rhbz457727 - add patch for CVE-2008-1947 Resolves: rhbz449916 - add patch for CVE-2008-2370 Resolves: rhbz458634 - add patch for CVE-2008-2938 Resolves: rhbz456214...

5CVSS2.1AI score0.99708EPSS
Exploits27
CVE
CVE
added 2008/08/04 1:0 a.m.143 views

CVE-2008-1232

CVE-2008-1232 is an XSS vulnerability in Apache Tomcat affecting versions 4.1.0–4.1.37, 5.5.0–5.5.26, and 6.0.0–6.0.16. The root cause is improper validation of user-supplied input used in the HttpServletResponse.sendError method, allowing remote attackers to inject arbitrary web script or HTML v...

4.3CVSS6.5AI score0.75865EPSS
Exploits2References64Affected Software1
seebug.org
seebug.org
added 2008/08/04 12:0 a.m.80 views

Apache Tomcat HttpServletResponse.sendError()跨站脚本漏洞

BUGTRAQ ID: 30496 CVECAN ID: CVE-2008-1232 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat不仅在错误页面中显示了HttpServletResponse.sendError调用的消息参数,同时也在HTTP响应的reason-phrase中使用,这就可能在HTTP头中包含非法字符。特制的消息可能导致跨站脚本攻击,向HTTP响应中注入任意内容。 Apache Group Tomcat 6.0.x Apache Group Tomcat 5.5.x Apache Group Tomcat 4.1.x...

4.3CVSS5.3AI score0.75865EPSS
Exploits2
Rows per page
Query Builder