Bug#484643: CVE-2008-1947: Cross-site scripting (XSS) vulnerability via the name parameter
    Steffen Joeris
    steffen.joeris at skolelinux.de
    Thu Jun  5 09:44:44 UTC 2008

Package: tomcat5.5
Severity: important
Tags: security

Hi

The following CVE[0] has been issued against tomcat5.5

CVE-2008-1947:
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through
5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject
arbitrary web script or HTML via the name parameter (aka the hostname
attribute) to host-manager/html/add.

Some more information may be obtained from this report[1].

Please mention the CVE id in your changelog when you fix this issue.

Cheers
Steffen

[0]: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1947
[1]: http://marc.info/?l=tomcat-user&m=121244319501278&w=2