Lucene search

[email protected]CVE-2008-1947

HistoryJun 04, 2008 - 7:32 p.m.

CVE-2008-1947

2008-06-0419:32:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-1947

cross-site scripting

xss

apache tomcat

remote code injection

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

High

0.1 Low

EPSS

Percentile

94.9%

JSON

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

Affected configurations

NVD

Node

apachetomcatMatch5.5.9

apachetomcatMatch5.5.10

apachetomcatMatch5.5.11

apachetomcatMatch5.5.12

apachetomcatMatch5.5.13

apachetomcatMatch5.5.14

apachetomcatMatch5.5.15

apachetomcatMatch5.5.16

apachetomcatMatch5.5.17

apachetomcatMatch5.5.18

apachetomcatMatch5.5.19

apachetomcatMatch5.5.20

apachetomcatMatch5.5.21

apachetomcatMatch5.5.22

apachetomcatMatch5.5.23

apachetomcatMatch5.5.24

apachetomcatMatch5.5.25

apachetomcatMatch5.5.26

apachetomcatMatch6.0.0

apachetomcatMatch6.0.1

apachetomcatMatch6.0.2

apachetomcatMatch6.0.3

apachetomcatMatch6.0.4

apachetomcatMatch6.0.5

apachetomcatMatch6.0.6

apachetomcatMatch6.0.7

apachetomcatMatch6.0.8

apachetomcatMatch6.0.9

apachetomcatMatch6.0.10

apachetomcatMatch6.0.11

apachetomcatMatch6.0.12

apachetomcatMatch6.0.13

apachetomcatMatch6.0.14

apachetomcatMatch6.0.15

apachetomcatMatch6.0.16

CPENameOperatorVersion
apache:tomcatapache tomcateq5.5.9
apache:tomcatapache tomcateq5.5.10
apache:tomcatapache tomcateq5.5.11
apache:tomcatapache tomcateq5.5.12
apache:tomcatapache tomcateq5.5.13
apache:tomcatapache tomcateq5.5.14
apache:tomcatapache tomcateq5.5.15
apache:tomcatapache tomcateq5.5.16
apache:tomcatapache tomcateq5.5.17
apache:tomcatapache tomcateq5.5.18

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	5.5.9
apache:tomcat	apache tomcat	eq	5.5.10
apache:tomcat	apache tomcat	eq	5.5.11
apache:tomcat	apache tomcat	eq	5.5.12
apache:tomcat	apache tomcat	eq	5.5.13
apache:tomcat	apache tomcat	eq	5.5.14
apache:tomcat	apache tomcat	eq	5.5.15
apache:tomcat	apache tomcat	eq	5.5.16
apache:tomcat	apache tomcat	eq	5.5.17
apache:tomcat	apache tomcat	eq	5.5.18

Rows per page:

1-10 of 351

References

lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

marc.info/?l=bugtraq&m=123376588623823&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

marc.info/?l=tomcat-user&m=121244319501278&w=2

secunia.com/advisories/30500

secunia.com/advisories/30592

secunia.com/advisories/30967

secunia.com/advisories/31639

secunia.com/advisories/31865

secunia.com/advisories/31891

secunia.com/advisories/32120

secunia.com/advisories/32222

secunia.com/advisories/32266

secunia.com/advisories/33797

secunia.com/advisories/33999

secunia.com/advisories/34013

secunia.com/advisories/37460

secunia.com/advisories/57126

support.apple.com/kb/HT3216

support.avaya.com/elmodocs2/security/ASA-2008-401.htm

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

www.debian.org/security/2008/dsa-1593

www.mandriva.com/security/advisories?name=MDVSA-2008:188

www.redhat.com/support/errata/RHSA-2008-0648.html

www.redhat.com/support/errata/RHSA-2008-0862.html

www.redhat.com/support/errata/RHSA-2008-0864.html

www.securityfocus.com/archive/1/492958/100/0/threaded

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/29502

www.securityfocus.com/bid/31681

www.securitytracker.com/id?1020624

www.vmware.com/security/advisories/VMSA-2009-0002.html

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2008/1725

www.vupen.com/english/advisories/2008/2780

www.vupen.com/english/advisories/2008/2823

www.vupen.com/english/advisories/2009/0320

www.vupen.com/english/advisories/2009/0503

www.vupen.com/english/advisories/2009/3316

exchange.xforce.ibmcloud.com/vulnerabilities/42816

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009

www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html

www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html

www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

High

0.1 Low

EPSS

Percentile

94.9%

JSON

Related for CVE-2008-1947

nessus18 packetstorm1 f52 ubuntucve1 github1 veracode1 seebug1 securityvulns3 openvas24 cvelist1 osv1 nvd1 prion1 debian1 vmware4 tomcat2 fedora3 oraclelinux1 redhat4 centos1