Vulnonym.org

CVE-2008-1947 - Enervate Item

Description

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
