Home > Vulnerability Database > CVE-2008-1947

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2008-1947

Date: June 4, 2008

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

Severity Score

3.7

Related Resources (56)

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html

Url: http://www.securityfocus.com/bid/29502

Url: http://secunia.com/advisories/31865

Url: http://secunia.com/advisories/34013

Url: http://support.apple.com/kb/HT3216

Url: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-1947

Url: https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

Url: http://secunia.com/advisories/32222

Url: http://secunia.com/advisories/32266

Url: http://secunia.com/advisories/31891

Url: http://secunia.com/advisories/33797

Url: http://www.redhat.com/support/errata/RHSA-2008-0862.html

Url: http://www.vupen.com/english/advisories/2008/2823

Url: http://secunia.com/advisories/33999

Url: http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Url: http://www.securityfocus.com/bid/31681

Url: https://access.redhat.com/security/cve/CVE-2008-1947

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:188

Url: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

Url: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

Url: http://secunia.com/advisories/30967

Url: http://www.vupen.com/english/advisories/2009/0503

Url: http://www.vmware.com/security/advisories/VMSA-2009-0002.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534

Url: http://www.securitytracker.com/id?1020624

Url: http://marc.info/?l=bugtraq&m=123376588623823&w=2

Url: http://www.vupen.com/english/advisories/2009/0320

Url: http://www.vupen.com/english/advisories/2009/3316

Url: http://www.vupen.com/english/advisories/2008/1725

Url: http://secunia.com/advisories/30592

Url: http://www.securityfocus.com/archive/1/492958/100/0/threaded

Url: http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/42816

Url: http://tomcat.apache.org/security-5.html

Url: http://marc.info/?l=bugtraq&m=139344343412337&w=2

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009

Url: http://www.vupen.com/english/advisories/2008/2780

Url: http://secunia.com/advisories/57126

Url: http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

Url: http://marc.info/?l=tomcat-user&m=121244319501278&w=2

Url: http://secunia.com/advisories/32120

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html

Url: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Url: http://www.debian.org/security/2008/dsa-1593

Url: http://secunia.com/advisories/30500

Url: http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Url: http://www.securityfocus.com/archive/1/507985/100/0/threaded

Url: http://www.redhat.com/support/errata/RHSA-2008-0648.html

Url: http://secunia.com/advisories/31639

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-1947

Url: http://secunia.com/advisories/37460

Url: http://tomcat.apache.org/security-6.html

Url: http://www.redhat.com/support/errata/RHSA-2008-0864.html

Url: https://www.mend.io/vulnerability-database/CVE-2008-1947

Severity Score

3.7

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us