CVE-2008-1947 Information

Description

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

Reference

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://marc.info/?l=bugtraq&m=123376588623823&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://marc.info/?l=tomcat-user&m=121244319501278&w=2
http://secunia.com/advisories/30500
http://secunia.com/advisories/30592
http://secunia.com/advisories/30967
http://secunia.com/advisories/31639
http://secunia.com/advisories/31865
http://secunia.com/advisories/31891
http://secunia.com/advisories/32120
http://secunia.com/advisories/32222
http://secunia.com/advisories/32266
http://secunia.com/advisories/33797
http://secunia.com/advisories/33999
http://secunia.com/advisories/34013
http://secunia.com/advisories/37460
http://secunia.com/advisories/57126
http://support.apple.com/kb/HT3216
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.debian.org/security/2008/dsa-1593
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
http://www.redhat.com/support/errata/RHSA-2008-0648.html
http://www.redhat.com/support/errata/RHSA-2008-0862.html
http://www.redhat.com/support/errata/RHSA-2008-0864.html
http://www.securityfocus.com/archive/1/492958/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/29502
http://www.securityfocus.com/bid/31681
http://www.securitytracker.com/id?1020624
http://www.vmware.com/security/advisories/VMSA-2009-0002.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2008/1725
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2008/2823
http://www.vupen.com/english/advisories/2009/0320
http://www.vupen.com/english/advisories/2009/0503
http://www.vupen.com/english/advisories/2009/3316
https://exchange.xforce.ibmcloud.com/vulnerabilities/42816
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
