Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1232

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1232
Last Modified 15 Mar 2014 11:26:34
Published 03 Aug 2008 09:41:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1232

Summary

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.

Vulnerable Systems

Application

  • Apache Software Foundation Tomcat 4.1

  • Apache Software Foundation Tomcat 4.1.32

  • Apache Software Foundation Tomcat 4.1.34

  • Apache Software Foundation Tomcat 4.1.37

  • Apache Software Foundation Tomcat 5.5.26

  • Apache Software Foundation Tomcat 6.0.16

  • Apache Tomcat 4.1.0

  • Apache Tomcat 4.1.1

  • Apache Tomcat 4.1.10

  • Apache Tomcat 4.1.12

  • Apache Tomcat 4.1.15

  • Apache Tomcat 4.1.2

  • Apache Tomcat 4.1.24

  • Apache Tomcat 4.1.28

  • Apache Tomcat 4.1.3

  • Apache Tomcat 4.1.31

  • Apache Tomcat 4.1.36

  • Apache Tomcat 5.5.0

  • Apache Tomcat 5.5.1

  • Apache Tomcat 5.5.10

  • Apache Tomcat 5.5.11

  • Apache Tomcat 5.5.12

  • Apache Tomcat 5.5.13

  • Apache Tomcat 5.5.14

  • Apache Tomcat 5.5.15

  • Apache Tomcat 5.5.16

  • Apache Tomcat 5.5.17

  • Apache Tomcat 5.5.18

  • Apache Tomcat 5.5.19

  • Apache Tomcat 5.5.2

  • Apache Tomcat 5.5.20

  • Apache Tomcat 5.5.21

  • Apache Tomcat 5.5.22

  • Apache Tomcat 5.5.23

  • Apache Tomcat 5.5.24

  • Apache Tomcat 5.5.25

  • Apache Tomcat 6.0

  • Apache Tomcat 6.0.0

  • Apache Tomcat 6.0.1

  • Apache Tomcat 6.0.10

  • Apache Tomcat 6.0.11

  • Apache Tomcat 6.0.12

  • Apache Tomcat 6.0.13

  • Apache Tomcat 6.0.14

  • Apache Tomcat 6.0.15


References

BID - 30496

FEDORA - FEDORA-2008-8130

FEDORA - FEDORA-2008-8113

FEDORA - FEDORA-2008-7977

CONFIRM - https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095

CONFIRM - https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500

XF - tomcat-httpservletresponse-xss(44155)

VUPEN - ADV-2009-3316

VUPEN - ADV-2009-2194

VUPEN - ADV-2009-1609

VUPEN - ADV-2009-0503

VUPEN - ADV-2009-0320

VUPEN - ADV-2008-2823

VUPEN - ADV-2008-2780

VUPEN - ADV-2008-2305

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0016.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0002.html

SECTRACK - 1020622

BID - 31681

BUGTRAQ - 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

BUGTRAQ - 20090806 CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management

BUGTRAQ - 20090616 CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability

BUGTRAQ - 20080801 [CVE-2008-1232] Apache Tomcat XSS vulnerability

REDHAT - RHSA-2008:0864

REDHAT - RHSA-2008:0862

REDHAT - RHSA-2008:0648

MANDRIVA - MDVSA-2008:188

CONFIRM - http://tomcat.apache.org/security-6.html

CONFIRM - http://tomcat.apache.org/security-5.html

CONFIRM - http://tomcat.apache.org/security-4.html

CONFIRM - http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm

CONFIRM - http://support.apple.com/kb/HT3216

SREASON - 4098

SECUNIA - 37460

SECUNIA - 36108

SECUNIA - 35474

SECUNIA - 34013

SECUNIA - 33999

SECUNIA - 33797

SECUNIA - 32266

SECUNIA - 32222

SECUNIA - 32120

SECUNIA - 31982

SECUNIA - 31891

SECUNIA - 31865

SECUNIA - 31639

SECUNIA - 31381

SECUNIA - 31379

HP - HPSBUX02401

SUSE - SUSE-SR:2009:004

SUSE - SUSE-SR:2008:018

APPLE - APPLE-SA-2008-10-09

CONFIRM - http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx

HP - SSRT090005

HP - HPSBST02955

SECUNIA - 57126

Related Patches

Apple 2008-10-09 Security Update 2008-007 Server (Leopard)


Last Updated: 27 May 2016 10:47:28