{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-20T22:04:55.126","vulnerabilities":[{"cve":{"id":"CVE-2008-1947","sourceIdentifier":"secalert@redhat.com","published":"2008-06-04T19:32:00.000","lastModified":"2026-06-16T22:52:48.297","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add."},{"lang":"es","value":"Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Apache Tomcat v5.5.9 a la v5.5.26 y v6.0.0 a la v6.0.16, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elección a través del parámetro name (también conocido como el atributo hostname) al host-manager/html/add."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*","matchCriteriaId":"5B0C01D5-773F-469C-9E69-170C2844AAA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*","matchCriteriaId":"EB03FDFB-4DBF-4B70-BFA3-570D1DE67695"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*","matchCriteriaId":"9F5CF79C-759B-4FF9-90EE-847264059E93"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*","matchCriteriaId":"357651FD-392E-4775-BF20-37A23B3ABAE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*","matchCriteriaId":"585B9476-6B86-4809-9B9E-26112114CB59"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*","matchCriteriaId":"6145036D-4FCE-4EBE-A137-BDFA69BA54F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*","matchCriteriaId":"E437055A-0A81-413F-AB08-0E9D0DC9EA30"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*","matchCriteriaId":"9276A093-9C98-4617-9941-2276995F5848"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*","matchCriteriaId":"97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*","matchCriteriaId":"C98575E2-E39A-4A8F-B5B5-BD280B8367BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*","matchCriteriaId":"5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*","matchCriteriaId":"DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*","matchCriteriaId":"5878E08E-2741-4798-94E9-BA8E07386B12"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*","matchCriteriaId":"69F6BAB7-C099-4345-A632-7287AEA555B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*","matchCriteriaId":"F3AAF031-D16B-4D51-9581-2D1376A5157B"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*","matchCriteriaId":"51120689-F5C0-4DF1-91AA-314C40A46C58"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*","matchCriteriaId":"F67477AB-85F6-421C-9C0B-C8EFB1B200CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*","matchCriteriaId":"16D0C265-2ED9-42CF-A7D6-C7FAE4246A1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"49E3C039-A949-4F1B-892A-57147EECB249"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"F28C7801-41B9-4552-BA1E-577967BCBBEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"25B21085-7259-4685-9D1F-FF98E6489E10"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*","matchCriteriaId":"635EE321-2A1F-4FF8-95BE-0C26591969D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*","matchCriteriaId":"9A81B035-8598-4D2C-B45F-C6C9D4B10C2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*","matchCriteriaId":"E1096947-82A6-4EA8-A4F2-00D91E3F7DAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*","matchCriteriaId":"0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*","matchCriteriaId":"B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*","matchCriteriaId":"9C95ADA4-66F5-45C4-A677-ACE22367A75A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*","matchCriteriaId":"11951A10-39A2-4FF5-8C43-DF94730FB794"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*","matchCriteriaId":"351E5BCF-A56B-4D91-BA3C-21A4B77D529A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*","matchCriteriaId":"2DC2BBB4-171E-4EFF-A575-A5B7FF031755"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*","matchCriteriaId":"6B6B0504-27C1-4824-A928-A878CBBAB32D"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*","matchCriteriaId":"CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*","matchCriteriaId":"D903956B-14F5-4177-AF12-0A5F1846D3C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*","matchCriteriaId":"81F847DC-A2F5-456C-9038-16A0E85F4C3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*","matchCriteriaId":"AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD"}]}]}],"references":[{"url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html","source":"secalert@redhat.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html","source":"secalert@redhat.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","source":"secalert@redhat.com"},{"url":"http://marc.info/?l=bugtraq&m=123376588623823&w=2","source":"secalert@redhat.com"},{"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","source":"secalert@redhat.com"},{"url":"http://marc.info/?l=tomcat-user&m=121244319501278&w=2","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/30500","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/30592","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/30967","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/31639","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/31865","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/31891","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/32120","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/32222","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/32266","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/33797","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/33999","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/34013","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/37460","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/57126","source":"secalert@redhat.com"},{"url":"http://support.apple.com/kb/HT3216","source":"secalert@redhat.com"},{"url":"http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm","source":"secalert@redhat.com"},{"url":"http://tomcat.apache.org/security-5.html","source":"secalert@redhat.com"},{"url":"http://tomcat.apache.org/security-6.html","source":"secalert@redhat.com"},{"url":"http://www.debian.org/security/2008/dsa-1593","source":"secalert@redhat.com"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:188","source":"secalert@redhat.com"},{"url":"http://www.redhat.com/support/errata/RHSA-2008-0648.html","source":"secalert@redhat.com"},{"url":"http://www.redhat.com/support/errata/RHSA-2008-0862.html","source":"secalert@redhat.com"},{"url":"http://www.redhat.com/support/errata/RHSA-2008-0864.html","source":"secalert@redhat.com"},{"url":"http://www.securityfocus.com/archive/1/492958/100/0/threaded","source":"secalert@redhat.com"},{"url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded","source":"secalert@redhat.com"},{"url":"http://www.securityfocus.com/bid/29502","source":"secalert@redhat.com"},{"url":"http://www.securityfocus.com/bid/31681","source":"secalert@redhat.com"},{"url":"http://www.securitytracker.com/id?1020624","source":"secalert@redhat.com"},{"url":"http://www.vmware.com/security/advisories/VMSA-2009-0002.html","source":"secalert@redhat.com"},{"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","source":"secalert@redhat.com"},{"url":"http://www.vupen.com/english/advisories/2008/1725","source":"secalert@redhat.com"},{"url":"http://www.vupen.com/english/advisories/2008/2780","source":"secalert@redhat.com"},{"url":"http://www.vupen.com/english/advisories/2008/2823","source":"secalert@redhat.com"},{"url":"http://www.vupen.com/english/advisories/2009/0320","source":"secalert@redhat.com"},{"url":"http://www.vupen.com/english/advisories/2009/0503","source":"secalert@redhat.com"},{"url":"http://www.vupen.com/english/advisories/2009/3316","source":"secalert@redhat.com"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/42816","source":"secalert@redhat.com"},{"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","source":"secalert@redhat.com"},{"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","source":"secalert@redhat.com"},{"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","source":"secalert@redhat.com"},{"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","source":"secalert@redhat.com"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534","source":"secalert@redhat.com"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009","source":"secalert@redhat.com"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html","source":"secalert@redhat.com"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html","source":"secalert@redhat.com"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html","source":"secalert@redhat.com"},{"url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://marc.info/?l=bugtraq&m=123376588623823&w=2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://marc.info/?l=tomcat-user&m=121244319501278&w=2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/30500","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/30592","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/30967","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/31639","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/31865","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/31891","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/32120","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/32222","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/32266","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/33797","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/33999","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/34013","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/37460","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/57126","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://support.apple.com/kb/HT3216","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://tomcat.apache.org/security-5.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://tomcat.apache.org/security-6.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2008/dsa-1593","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:188","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.redhat.com/support/errata/RHSA-2008-0648.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.redhat.com/support/errata/RHSA-2008-0862.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.redhat.com/support/errata/RHSA-2008-0864.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/492958/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/29502","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/31681","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id?1020624","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vmware.com/security/advisories/VMSA-2009-0002.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2008/1725","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2008/2780","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2008/2823","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2009/0320","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2009/0503","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2009/3316","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/42816","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}