Lucene search
RootSSV:3378HistoryJun 05, 2008 - 12:00 a.m.
Apache Tomcat主机管理器跨站脚本漏洞
2008-06-0500:00:00
Root
www.seebug.org
28
0.216 Low
EPSS
Percentile
96.0%
BUGTRAQ ID: 29502
CVE(CAN) ID: CVE-2008-1947
Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。
Apache Tomcat的host-manager/html/add文件没有正确地过滤对name参数的输入便返回给了用户,这允许远程攻击者通过跨站脚本攻击在登录用户浏览器会话中执行任意HTML和脚本代码。
Apache Group Tomcat 6.0.0 - 6.0.16
Apache Group Tomcat 5.5.9 - 5.5.26
Apache Group
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://jakarta.apache.org/tomcat/index.html” target=“_blank”>http://jakarta.apache.org/tomcat/index.html</a>
<form action="http://localhost:8080/host-manager/html/add" method="get">
~ <INPUT TYPE="hidden" NAME='name' VALUE="<script>alert()</script>"><b
Related
f5
f5
K9109 : Apache Tomcat cross-site scripting vulnerability CVE-2008-1947
2013-03-19 00:00:00
SOL9109 - Apache Tomcat cross-site scripting vulnerability CVE-2008-1947
2008-09-01 00:00:00
nessus
nessus
Debian DSA-1593-1 : tomcat5.5 - missing input sanitising
2008-06-16 00:00:00
openSUSE 10 Security Update : tomcat55 (tomcat55-5385)
2008-07-08 00:00:00
openSUSE Security Update : tomcat6 (tomcat6-68)
2009-07-21 00:00:00
packetstorm
packetstorm
CVE-2008-1947.txt
2008-06-03 00:00:00
ubuntucve
ubuntucve
CVE-2008-1947
2008-06-04 00:00:00
github
github
Apache Tomcat Cross-site scripting (XSS) vulnerability
2022-05-01 23:45:13
debian
debian
[SECURITY] [DSA 1593-1] New tomcat5.5 packages cross-site scripting
2008-06-09 19:38:32
securityvulns
securityvulns
Apache Tomcat crossite scripting
2010-02-25 00:00:00
CA20100222-01: Security Notice for CA Service Desk
2010-02-25 00:00:00
[SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability
2008-06-04 00:00:00
prion
prion
Cross site scripting
2008-06-04 19:32:00
veracode
veracode
Cross-site Scripting (XSS)
2018-11-09 07:06:07
cve
cve
CVE-2008-1947
2008-06-04 19:32:00
openvas
openvas
Debian Security Advisory DSA 1593-1 (tomcat5.5)
2008-06-11 00:00:00
Debian: Security Advisory (DSA-1593-1)
2008-06-11 00:00:00
Fedora Update for tomcat6 FEDORA-2008-7977
2009-02-17 00:00:00
osv
osv
Apache Tomcat Cross-site scripting (XSS) vulnerability
2022-05-01 23:45:13
vmware
vmware
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.18
2008-07-31 00:00:00
Fixed in Apache Tomcat 5.5.27
2008-09-08 00:00:00
redhat
redhat
(RHSA-2008:0648) Important: tomcat security update
2008-08-27 00:00:00
(RHSA-2008:0864) Important: tomcat security update
2008-10-02 00:00:00
centos
centos
tomcat5 security update
2008-08-28 22:01:41
fedora
fedora
[SECURITY] Fedora 9 Update: tomcat5-5.5.27-0jpp.2.fc9
2008-09-16 23:25:10
[SECURITY] Fedora 9 Update: tomcat6-6.0.18-1.1.fc9
2008-09-11 17:17:43
[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8
2008-09-16 23:28:35
oraclelinux
oraclelinux
tomcat security update
2008-08-27 00:00:00