CVE-2008-1947: Cross-site Scripting in Apache Tomcat

Severity: 4.3 MEDIUM (NVD)
EPSS: 59.3% (top 1.75%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 4
Latest update: May 1

Description

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/tomcat, 35 versions (+34)

🔴 Vulnerability Details (3)

OSV: Apache Tomcat Cross-site scripting (XSS) vulnerability (2022-05-01)
GHSA: Apache Tomcat Cross-site scripting (XSS) vulnerability (2022-05-01)
CVEList: CVE-2008-1947: Cross-site scripting (XSS) vulnerability in Apache Tomcat 5 (2008-06-04)

🔍 Detection Rules (1)

Suricata: ET WEB_SPECIFIC_APPS Possible Apache Tomcat Host Manager Cross Site Scripting Attempt (2010-07-30)

📋 Vendor Advisories (1)

Red Hat: Tomcat host manager xss - name field (2008-06-02)

💬 Community (2)

Bugzilla: CVE-2008-2955 pidgin: remote DoS via MSN message with crafted file name (2008-07-02)
Bugzilla: CVE-2008-1947 Tomcat host manager xss - name field (2008-05-14)