CVE-2008-1947
tomcat5.5
EPSS 59.3%
Description
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to `host-manager/html/add`.
How to fix CVE-2008-1947
To remediate CVE-2008-1947, upgrade the affected package to a fixed version below.
- Debian/tomcat5.5—upgrade to 5.5.20-2etch3 or later
- Maven/org.apache.tomcat.embed:tomcat-embed-core—upgrade to 5.5.27 or later
- Maven/org.apache.tomcat:tomcat—upgrade to 5.5.27 or later
Is CVE-2008-1947 being exploited?
Likely — EPSS is 59.3%, placing CVE-2008-1947 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (3)
- Debian/tomcat5.5: from 0, < 5.5.20-2etch3
- Maven/org.apache.tomcat.embed:tomcat-embed-core: >= 5.5.9, < 5.5.27
- Maven/org.apache.tomcat:tomcat: >= 5.5.9, < 5.5.27
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |