Ubuntu
tomcat5.5 package

Cross-site scripting in host-manager webapp (CVE-2008-1947)

Hardy (8.04)
Bug #270553

Bug #270553 reported by Thierry Carrez on 2008-09-15

254

Affects		Status	Importance	Assigned to	Milestone
	tomcat5.5 (Ubuntu)	Invalid	Low	Unassigned
	Hardy	Fix Released	Low	Thierry Carrez

Bug Description

Binary package hint: tomcat5.5

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

Related branches

lp:ubuntu/hardy-updates/tomcat5.5

CVE References

Revision history for this message

Thierry Carrez (ttx) wrote on 2008-09-15:

Fixed in intrepid (as of 5.5.26-3)

Changed in tomcat5.5:
importance:	Undecided → Low
status:	New → Invalid

Thierry Carrez (ttx) on 2008-09-15

Changed in tomcat5.5:
assignee:	nobody → tcarrez
importance:	Undecided → Low
status:	New → In Progress

Revision history for this message

Thierry Carrez (ttx) wrote on 2008-09-15:

tomcat5.5_5.5.25-5ubuntu1.1.debdiff Edit (11.3 KiB, text/plain)

Proposed security fix for hardy

Jamie Strandboge (jdstrand) on 2008-09-15

Changed in tomcat5.5:
status:	In Progress → Fix Committed

Jamie Strandboge (jdstrand) on 2008-09-16

Changed in tomcat5.5:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

tomcat5.5_5.5.25-5ubuntu1.1.debdiff Edit

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntutomcat5.5 package