4.3
MEDIUM

CVE-2008-1947

Published: 04/06/2008 Updated: 11/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

Vulnerability Summary

Apache Tomcat Host Manager Application Cross-Site Scripting Vulnerability

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

Apache Tomcat and HP HP-UX Tomcat-based Servlet Engine contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary script code in the user's browser session. The vulnerability is due to an input sanitization error by the Host Manager application.  An unauthenticated, remote attacker could exploit the vulnerability by convincing a user who is logged in to Host Manager to follow a crafted link that is designed to pass malicious HTML and script code to the targeted server.  The crafted link could allow the attacker to execute malicious HTML or script code in the user's browser session in the security context of the site. Sufficient information to reliably exploit the vulnerability is publicly available. Apache and HP confirmed the vulnerability in security announcement and released updated software.

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Complexity: MEDIUM
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Affected Products

Vendor Product Versions
ApacheTomcat5.5.9, 5.5.10, 5.5.11, 5.5.12, 5.5.13, 5.5.14, 5.5.15, 5.5.16, 5.5.17, 5.5.18, 5.5.19, 5.5.20, 5.5.21, 5.5.22, 5.5.23, 5.5.24, 5.5.25, 5.5.26, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16

Vendor Advisories

Synopsis Low: tomcat security update for Red Hat Network Satellite Server Type/Severity Security Advisory: Low Topic Updated tomcat packages that fix multiple security issues are now availablefor Red Hat Network Satellite ServerThis update has been rated as having low security impact by the RedHat Security ...
Synopsis Important: tomcat security update Type/Severity Security Advisory: Important Topic Updated tomcat packages that fix multiple security issues are now availablefor Red Hat Developer Suite 3This update has been rated as having important security impact by the RedHat Security Response Team D ...
Synopsis Important: tomcat security update Type/Severity Security Advisory: Important Topic Updated tomcat packages that fix several security issues are now availablefor Red Hat Application Server v2This update has been rated as having important security impact by the RedHat Security Response Team ...
It was discovered that the Host Manager web application performed insufficient input sanitising, which could lead to cross-site scripting For the stable distribution (etch), this problem has been fixed in version 5520-2etch3 For the unstable distribution (sid), this problem has been fixed in version 5526-3 We recommend that you upgrade your ...

Mailing Lists

Tomcat versions 559 through 5526 and versions 600 through 6016 suffer from a host-manager cross site scripting vulnerability ...

References

CWE-79http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://marc.info/?l=bugtraq&m=123376588623823&w=2http://marc.info/?l=bugtraq&m=139344343412337&w=2http://marc.info/?l=tomcat-user&m=121244319501278&w=2http://secunia.com/advisories/30500http://secunia.com/advisories/30592http://secunia.com/advisories/30967http://secunia.com/advisories/31639http://secunia.com/advisories/31865http://secunia.com/advisories/31891http://secunia.com/advisories/32120http://secunia.com/advisories/32222http://secunia.com/advisories/32266http://secunia.com/advisories/33797http://secunia.com/advisories/33999http://secunia.com/advisories/34013http://secunia.com/advisories/37460http://secunia.com/advisories/57126http://support.apple.com/kb/HT3216http://support.avaya.com/elmodocs2/security/ASA-2008-401.htmhttp://tomcat.apache.org/security-5.htmlhttp://tomcat.apache.org/security-6.htmlhttp://www.debian.org/security/2008/dsa-1593http://www.mandriva.com/security/advisories?name=MDVSA-2008:188http://www.redhat.com/support/errata/RHSA-2008-0648.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0862.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0864.htmlhttp://www.securityfocus.com/archive/1/492958/100/0/threadedhttp://www.securityfocus.com/archive/1/507985/100/0/threadedhttp://www.securityfocus.com/bid/29502http://www.securityfocus.com/bid/31681http://www.securitytracker.com/id?1020624http://www.vmware.com/security/advisories/VMSA-2009-0002.htmlhttp://www.vmware.com/security/advisories/VMSA-2009-0016.htmlhttp://www.vupen.com/english/advisories/2008/1725http://www.vupen.com/english/advisories/2008/2780http://www.vupen.com/english/advisories/2008/2823http://www.vupen.com/english/advisories/2009/0320http://www.vupen.com/english/advisories/2009/0503http://www.vupen.com/english/advisories/2009/3316https://exchange.xforce.ibmcloud.com/vulnerabilities/42816https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.htmlhttps://access.redhat.com/errata/RHSA-2008:1007https://nvd.nist.govhttps://www.rapid7.com/db/vulnerabilities/apache-tomcat-cve-2007-5342http://tools.cisco.com/security/center/viewAlert.x?alertId=16021