Vulnerability in N/a
CVE-2008-1232
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message…
EPSS: 0.759 (99.5th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- 1020622 (vdb-entry, x_refsource_SECTRACK)
- oval:org.mitre.oval:def:5985 (x_refsource_OVAL, signature, vdb-entry)
- tomcat.apache.org/security-4.html (x_refsource_CONFIRM)
- RHSA-2008:0862 (x_refsource_REDHAT, vendor-advisory)
- ADV-2009-1609 (vdb-entry, x_refsource_VUPEN)
- ADV-2009-2194 (vdb-entry, x_refsource_VUPEN)
- 34013 (x_refsource_SECUNIA, third-party-advisory)
- community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-… (x_refsource_CONFIRM)
- ADV-2008-2823 (vdb-entry, x_refsource_VUPEN)
- 37460 (x_refsource_SECUNIA, third-party-advisory)