CVE-2008-1947

Apache Tomcat <6.0.17 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

References (52)

[Mailing List] http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

[Mailing List] http://marc.info/?l=bugtraq&m=123376588623823&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=139344343412337&w=2

[Mailing List] http://marc.info/?l=tomcat-user&m=121244319501278&w=2

[Vendor Advisory] http://secunia.com/advisories/30500

[Vendor Advisory] http://secunia.com/advisories/30592

[Vendor Advisory] http://support.apple.com/kb/HT3216

[Vendor Advisory] http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm

[Various Sources] http://tomcat.apache.org/security-5.html

[Various Sources] http://tomcat.apache.org/security-6.html

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2008:188

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0648.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0862.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0864.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/492958/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42816

[Mailing List] https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

... and 32 more

Scores

EPSS 0.5930

EPSS Percentile 98.2%

Classification

CWE

CWE-79

Status draft

Affected Products (37)

apache/tomcat

... and 22 more

Timeline

Published Jun 04, 2008

Tracked Since Feb 18, 2026