Home > Vulnerability Database > CVE-2008-1947

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2008-1947

Date: June 4, 2008

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

Severity Score

3.7

Related Resources (72)

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html

Url: https://github.com/apache/tomcat/commit/5f00d434c8dc11bd49ce0b4b56fe889839056030

Url: https://access.redhat.com/errata/RHSA-2008:0862

Url: https://web.archive.org/web/20201208011750/http://www.securityfocus.com/archive/1/492958/100/0/threaded

Url: http://www.securityfocus.com/bid/29502

Url: http://secunia.com/advisories/31865

Url: http://secunia.com/advisories/34013

Url: https://github.com/apache/tomcat/commit/ab6a6c41ac972c845717c9d639f0335865afab4d

Url: https://github.com/apache/tomcat

Url: http://support.apple.com/kb/HT3216

Url: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-1947

Url: https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

Url: http://secunia.com/advisories/32222

Url: http://secunia.com/advisories/32266

Url: http://secunia.com/advisories/33797

Url: http://secunia.com/advisories/31891

Url: http://www.redhat.com/support/errata/RHSA-2008-0862.html

Url: http://secunia.com/advisories/33999

Url: http://www.vupen.com/english/advisories/2008/2823

Url: https://github.com/apache/tomcat/commit/49c71fc59c1b8f8da77aea9eb53e61db168aebab

Url: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

Url: http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Url: http://www.securityfocus.com/bid/31681

Url: https://access.redhat.com/security/cve/CVE-2008-1947

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:188

Url: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

Url: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

Url: http://secunia.com/advisories/30967

Url: http://www.vupen.com/english/advisories/2009/0503

Url: http://www.securitytracker.com/id?1020624

Url: http://marc.info/?l=bugtraq&m=123376588623823&w=2

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534

Url: http://www.vmware.com/security/advisories/VMSA-2009-0002.html

Url: https://access.redhat.com/errata/RHSA-2008:0648

Url: https://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Url: http://www.vupen.com/english/advisories/2009/0320

Url: http://www.vupen.com/english/advisories/2009/3316

Url: http://secunia.com/advisories/30592

Url: http://www.vupen.com/english/advisories/2008/1725

Url: http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm

Url: http://www.securityfocus.com/archive/1/492958/100/0/threaded

Url: http://tomcat.apache.org/security-5.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/42816

Url: https://bugzilla.redhat.com/show_bug.cgi?id=446393

Url: http://marc.info/?l=bugtraq&m=139344343412337&w=2

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html

Url: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009

Url: http://www.vupen.com/english/advisories/2008/2780

Url: https://access.redhat.com/errata/RHSA-2008:1007

Url: http://secunia.com/advisories/57126

Url: http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

Url: http://secunia.com/advisories/32120

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html

Url: http://marc.info/?l=tomcat-user&m=121244319501278&w=2

Url: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Url: http://www.debian.org/security/2008/dsa-1593

Url: https://web.archive.org/web/20200514224656/http://www.securityfocus.com/archive/1/507985/100/0/threaded

Url: http://secunia.com/advisories/30500

Url: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

Url: http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Url: http://www.securityfocus.com/archive/1/507985/100/0/threaded

Url: https://github.com/apache/tomcat/commit/78ad0fcbe29c824f1f2e45a4e2716247b033250a

Url: http://www.redhat.com/support/errata/RHSA-2008-0648.html

Url: http://secunia.com/advisories/31639

Url: http://secunia.com/advisories/37460

Url: http://tomcat.apache.org/security-6.html

Url: http://www.redhat.com/support/errata/RHSA-2008-0864.html

Url: https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

Url: https://access.redhat.com/errata/RHSA-2008:0864

Url: https://www.mend.io/vulnerability-database/CVE-2008-1947

Severity Score

3.7

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us