Cross-site scripting in host-manager webapp (CVE-2008-1947)
Bug #270553 reported by
Thierry Carrez
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tomcat5.5 (Ubuntu) |
Invalid
|
Low
|
Unassigned | ||
Hardy |
Fix Released
|
Low
|
Thierry Carrez |
Bug Description
Binary package hint: tomcat5.5
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/
Related branches
Changed in tomcat5.5: | |
assignee: | nobody → tcarrez |
importance: | Undecided → Low |
status: | New → In Progress |
Changed in tomcat5.5: | |
status: | In Progress → Fix Committed |
Changed in tomcat5.5: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Fixed in intrepid (as of 5.5.26-3)