Name: Apache.Tomcat.Host.Manager.Name.XSS
Released Date: Jun 10 2008
Severity: medium
CVE: 2008-1947

In-Depth Analysis

Description

This indicates an attempt to exploit an XSS vulnerability in the Apache Tomcat host-manager web application.
The vulnerability results from the application's failure to check user input before it is returned to the user. As a result, a remote attacker can send a crafted request to execute arbitrary JavaScript code on the vulnerable system.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Affected Products

Apache Tomcat versions 5.5.9 through 5.5.26. Apache Tomcat versions 6.0.0 through 6.0.16.

References

http://www.frsirt.com/english/advisories/2008/1725
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1947
http://secunia.com/advisories/30500/

Recommended Actions

Upgrade to the latest version.