Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2008-1947
Last Modified 15 Mar 2014 11:29:09
Published 04 Jun 2008 03:32:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1947

Summary

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

Vulnerable Systems

Application

  • Apache Tomcat 5.5.10

  • Apache Tomcat 5.5.11

  • Apache Tomcat 5.5.12

  • Apache Tomcat 5.5.13

  • Apache Tomcat 5.5.14

  • Apache Tomcat 5.5.15

  • Apache Tomcat 5.5.16

  • Apache Tomcat 5.5.17

  • Apache Tomcat 5.5.18

  • Apache Tomcat 5.5.19

  • Apache Tomcat 5.5.20

  • Apache Tomcat 5.5.21

  • Apache Tomcat 5.5.22

  • Apache Tomcat 5.5.23

  • Apache Tomcat 5.5.24

  • Apache Tomcat 5.5.25

  • Apache Tomcat 5.5.26

  • Apache Tomcat 5.5.9

  • Apache Tomcat 6.0.0

  • Apache Tomcat 6.0.1

  • Apache Tomcat 6.0.10

  • Apache Tomcat 6.0.11

  • Apache Tomcat 6.0.12

  • Apache Tomcat 6.0.13

  • Apache Tomcat 6.0.14

  • Apache Tomcat 6.0.15

  • Apache Tomcat 6.0.16

  • Apache Tomcat 6.0.2

  • Apache Tomcat 6.0.3

  • Apache Tomcat 6.0.4

  • Apache Tomcat 6.0.5

  • Apache Tomcat 6.0.6

  • Apache Tomcat 6.0.7

  • Apache Tomcat 6.0.8

  • Apache Tomcat 6.0.9


References

FEDORA - FEDORA-2008-8130

FEDORA - FEDORA-2008-8113

FEDORA - FEDORA-2008-7977

XF - apache-tomcat-hostmanager-xss(42816)

VUPEN - ADV-2009-3316

VUPEN - ADV-2009-0503

VUPEN - ADV-2009-0320

VUPEN - ADV-2008-2823

VUPEN - ADV-2008-2780

VUPEN - ADV-2008-1725

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0016.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0002.html

SECTRACK - 1020624

BID - 31681

BID - 29502

BUGTRAQ - 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

BUGTRAQ - 20080602 [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability

REDHAT - RHSA-2008:0864

REDHAT - RHSA-2008:0862

REDHAT - RHSA-2008:0648

MANDRIVA - MDVSA-2008:188

DEBIAN - DSA-1593

CONFIRM - http://tomcat.apache.org/security-6.html

CONFIRM - http://tomcat.apache.org/security-5.html

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm

CONFIRM - http://support.apple.com/kb/HT3216

SECUNIA - 37460

SECUNIA - 34013

SECUNIA - 33999

SECUNIA - 33797

SECUNIA - 32266

SECUNIA - 32222

SECUNIA - 32120

SECUNIA - 31891

SECUNIA - 31865

SECUNIA - 31639

SECUNIA - 30967

SECUNIA - 30592

SECUNIA - 30500

MLIST - [tomcat-user] 20080602 [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability

HP - HPSBUX02401

SUSE - SUSE-SR:2009:004

SUSE - SUSE-SR:2008:014

APPLE - APPLE-SA-2008-10-09

HP - SSRT090005

HP - HPSBST02955

SECUNIA - 57126

Related Patches

Apple 2008-10-09 Security Update 2008-007 Server (Leopard)


Last Updated: 27 May 2016 10:47:28