CVE-2008-1947

Apache Tomcat 5.5.9-5.5.26 and 6.0.0-6.0.16 - Cross-Site Scripting via Hostname Parameter

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

References (52)

Core 52
Core References
Various Sources x_refsource_confirm
http://tomcat.apache.org/security-6.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/492958/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30500
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0862.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34013
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=tomcat-user&m=121244319501278&w=2
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2823
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42816
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37460
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31681
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32120
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1725
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30592
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33999
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29502
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31865
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31639
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30967
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0320
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0864.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57126
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32222
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31891
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33797
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020624
Various Sources x_refsource_confirm
http://tomcat.apache.org/security-5.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2780
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=123376588623823&w=2
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=139344343412337&w=2
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3216
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0503
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3316
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1593
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32266
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0648.html

Scores

EPSS 0.0978
EPSS Percentile 95.0%

Details

CWE
CWE-79
Status published
Products (37)
apache/tomcat 5.5.9
apache/tomcat 5.5.10
apache/tomcat 5.5.11
apache/tomcat 5.5.12
apache/tomcat 5.5.13
apache/tomcat 5.5.14
apache/tomcat 5.5.15
apache/tomcat 5.5.16
apache/tomcat 5.5.17
apache/tomcat 5.5.18
... and 27 more
Published Jun 04, 2008
Tracked Since Feb 18, 2026