CVE 2008-1947
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/
Related bugs and status
CVE-2008-1947 (Candidate) is related to these bugs:
Bug #256052: Build the complete tomcat6 stack
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 256052 | Build the complete tomcat6 stack | tomcat6 (Ubuntu) | Wishlist | Fix Released | ||
| 256052 | Build the complete tomcat6 stack | tomcat6 (Debian) | Unknown | Fix Released | ||
Bug #256802: tomcat <6.0.18: Directory Traversal (CVE-2008-2938)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 256802 | tomcat <6.0.18: Directory Traversal (CVE-2008-2938) | tomcat6 (Ubuntu) | Undecided | Fix Released | ||
| 256802 | tomcat <6.0.18: Directory Traversal (CVE-2008-2938) | tomcat5.5 (Ubuntu) | Low | Fix Released | ||
| 256802 | tomcat <6.0.18: Directory Traversal (CVE-2008-2938) | tomcat6 (Gentoo Linux) | Critical | Invalid | ||
| 256802 | tomcat <6.0.18: Directory Traversal (CVE-2008-2938) | tomcat5.5 (Debian) | Unknown | Fix Released | ||
| 256802 | tomcat <6.0.18: Directory Traversal (CVE-2008-2938) | tomcat5.5 (Ubuntu Hardy) | Low | Fix Released | ||
| 256802 | tomcat <6.0.18: Directory Traversal (CVE-2008-2938) | tomcat6 (Ubuntu Hardy) | Undecided | Invalid | ||
Bug #256922: Information disclosure vulnerability (CVE-2008-2370)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 256922 | Information disclosure vulnerability (CVE-2008-2370) | tomcat6 (Ubuntu) | Undecided | Fix Released | ||
| 256922 | Information disclosure vulnerability (CVE-2008-2370) | tomcat5.5 (Ubuntu) | Medium | Fix Released | ||
| 256922 | Information disclosure vulnerability (CVE-2008-2370) | tomcat5.5 (Debian) | Unknown | Fix Released | ||
| 256922 | Information disclosure vulnerability (CVE-2008-2370) | tomcat5.5 (Ubuntu Hardy) | Medium | Fix Released | ||
| 256922 | Information disclosure vulnerability (CVE-2008-2370) | tomcat6 (Ubuntu Hardy) | Undecided | Invalid | ||
Bug #256926: Cross-site scripting through sendError (CVE-2008-1232)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 256926 | Cross-site scripting through sendError (CVE-2008-1232) | tomcat6 (Ubuntu) | Undecided | Fix Released | ||
| 256926 | Cross-site scripting through sendError (CVE-2008-1232) | tomcat5.5 (Ubuntu) | Low | Fix Released | ||
| 256926 | Cross-site scripting through sendError (CVE-2008-1232) | tomcat5.5 (Debian) | Unknown | Fix Released | ||
| 256926 | Cross-site scripting through sendError (CVE-2008-1232) | tomcat5.5 (Ubuntu Hardy) | Low | Fix Released | ||
| 256926 | Cross-site scripting through sendError (CVE-2008-1232) | tomcat6 (Ubuntu Hardy) | Undecided | Invalid | ||
Bug #260016: Update to Tomcat 6.0.18
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 260016 | Update to Tomcat 6.0.18 | tomcat6 (Ubuntu) | Wishlist | Fix Released | ||
Bug #270553: Cross-site scripting in host-manager webapp (CVE-2008-1947)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 270553 | Cross-site scripting in host-manager webapp (CVE-2008-1947) | tomcat5.5 (Ubuntu) | Low | Invalid | ||
| 270553 | Cross-site scripting in host-manager webapp (CVE-2008-1947) | tomcat5.5 (Ubuntu Hardy) | Low | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
