CVE-2008-1232

Apache Tomcat <6.0.17 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Konstantin Kolinko · textremotemultiple

https://www.exploit-db.com/exploits/32138

View Code ZIP pw:eip

References (64)

[Broken Link] http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx

[Mailing List, Third Party Advisory] http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

[Mailing List, Third Party Advisory] http://marc.info/?l=bugtraq&m=123376588623823&w=2

[Mailing List, Third Party Advisory] http://marc.info/?l=bugtraq&m=139344343412337&w=2

[Broken Link] http://secunia.com/advisories/31379

[Broken Link] http://secunia.com/advisories/31381

[Broken Link] http://secunia.com/advisories/31639

[Broken Link] http://secunia.com/advisories/31865

[Broken Link] http://secunia.com/advisories/31891

[Broken Link] http://secunia.com/advisories/31982

[Broken Link] http://secunia.com/advisories/32120

[Broken Link] http://secunia.com/advisories/32222

[Broken Link] http://secunia.com/advisories/32266

[Broken Link] http://secunia.com/advisories/33797

[Broken Link] http://secunia.com/advisories/33999

[Broken Link] http://secunia.com/advisories/34013

[Broken Link] http://secunia.com/advisories/35474

[Broken Link] http://secunia.com/advisories/36108

... and 44 more

Scores

EPSS 0.3815

EPSS Percentile 97.2%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

apache/tomcat < 4.1.37

org.apache.tomcat/tomcat < 4.1.38Maven

Timeline

Published Aug 04, 2008

Tracked Since Feb 18, 2026