Search for vulnerabilities
Vulnerability details: VCID-nwsx-6pj2-aaap
Vulnerability ID VCID-nwsx-6pj2-aaap
Aliases CVE-2008-1947
GHSA-f98p-9pp6-7q6c
Summary CVE-2008-1947 Tomcat host manager xss - name field
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
cvssv3.1 5.3 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
generic_textual MODERATE http://marc.info/?l=bugtraq&m=123376588623823&w=2
cvssv3.1 7.5 http://marc.info/?l=bugtraq&m=139344343412337&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=139344343412337&w=2
generic_textual MODERATE http://marc.info/?l=tomcat-user&m=121244319501278&w=2
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2008:0648
rhas Important https://access.redhat.com/errata/RHSA-2008:0648
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2008:0862
rhas Important https://access.redhat.com/errata/RHSA-2008:0862
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2008:0864
rhas Important https://access.redhat.com/errata/RHSA-2008:0864
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2008:1007
rhas Low https://access.redhat.com/errata/RHSA-2008:1007
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2008-1947
epss 0.05366 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.05366 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.05366 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.06343 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.06343 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.06343 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.06343 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.06343 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.06343 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.06343 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.06343 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.06343 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.06343 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.06343 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.09996 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.49114 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
epss 0.53694 https://api.first.org/data/v1/epss?cve=CVE-2008-1947
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=446393
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=446393
apache_tomcat Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947
generic_textual MODERATE http://secunia.com/advisories/31639
generic_textual MODERATE http://secunia.com/advisories/31865
generic_textual MODERATE http://secunia.com/advisories/31891
generic_textual MODERATE http://secunia.com/advisories/32120
generic_textual MODERATE http://secunia.com/advisories/32222
generic_textual MODERATE http://secunia.com/advisories/32266
generic_textual MODERATE http://secunia.com/advisories/33797
generic_textual MODERATE http://secunia.com/advisories/33999
generic_textual MODERATE http://secunia.com/advisories/34013
cvssv3.1 4.2 http://secunia.com/advisories/37460
generic_textual MODERATE http://secunia.com/advisories/37460
generic_textual MODERATE http://secunia.com/advisories/57126
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/42816
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-f98p-9pp6-7q6c
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat/commit/49c71fc59c1b8f8da77aea9eb53e61db168aebab
generic_textual MODERATE https://github.com/apache/tomcat/commit/5f00d434c8dc11bd49ce0b4b56fe889839056030
generic_textual MODERATE https://github.com/apache/tomcat/commit/78ad0fcbe29c824f1f2e45a4e2716247b033250a
generic_textual MODERATE https://github.com/apache/tomcat/commit/ab6a6c41ac972c845717c9d639f0335865afab4d
cvssv3.1 4.2 https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
generic_textual LOW https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
generic_textual LOW https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
generic_textual LOW https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
generic_textual LOW https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2008-1947
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2008-1947
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009
generic_textual MODERATE http://support.apple.com/kb/HT3216
generic_textual MODERATE http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
generic_textual MODERATE https://web.archive.org/web/20200514224656/http://www.securityfocus.com/archive/1/507985/100/0/threaded
generic_textual MODERATE https://web.archive.org/web/20201208011750/http://www.securityfocus.com/archive/1/492958/100/0/threaded
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
cvssv3.1 4.2 http://tomcat.apache.org/security-5.html
generic_textual MODERATE http://tomcat.apache.org/security-5.html
cvssv3.1 9.8 http://tomcat.apache.org/security-6.html
generic_textual CRITICAL http://tomcat.apache.org/security-6.html
generic_textual MODERATE http://tomcat.apache.org/security-6.html
generic_textual MODERATE http://www.debian.org/security/2008/dsa-1593
generic_textual MODERATE http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2008-0648.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2008-0862.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2008-0864.html
cvssv3.1 4.2 http://www.securityfocus.com/archive/1/507985/100/0/threaded
generic_textual MODERATE http://www.securityfocus.com/archive/1/507985/100/0/threaded
generic_textual MODERATE http://www.securityfocus.com/bid/31681
generic_textual MODERATE http://www.vmware.com/security/advisories/VMSA-2009-0002.html
cvssv3.1 4.2 http://www.vmware.com/security/advisories/VMSA-2009-0016.html
generic_textual MODERATE http://www.vmware.com/security/advisories/VMSA-2009-0016.html
generic_textual MODERATE http://www.vupen.com/english/advisories/2008/2780
generic_textual MODERATE http://www.vupen.com/english/advisories/2008/2823
generic_textual MODERATE http://www.vupen.com/english/advisories/2009/0320
generic_textual MODERATE http://www.vupen.com/english/advisories/2009/0503
cvssv3.1 4.2 http://www.vupen.com/english/advisories/2009/3316
generic_textual MODERATE http://www.vupen.com/english/advisories/2009/3316
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://marc.info/?l=bugtraq&m=123376588623823&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://marc.info/?l=tomcat-user&m=121244319501278&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1947.json
https://api.first.org/data/v1/epss?cve=CVE-2008-1947
http://secunia.com/advisories/30500
http://secunia.com/advisories/30592
http://secunia.com/advisories/30967
http://secunia.com/advisories/31639
http://secunia.com/advisories/31865
http://secunia.com/advisories/31891
http://secunia.com/advisories/32120
http://secunia.com/advisories/32222
http://secunia.com/advisories/32266
http://secunia.com/advisories/33797
http://secunia.com/advisories/33999
http://secunia.com/advisories/34013
http://secunia.com/advisories/37460
http://secunia.com/advisories/57126
https://exchange.xforce.ibmcloud.com/vulnerabilities/42816
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/49c71fc59c1b8f8da77aea9eb53e61db168aebab
https://github.com/apache/tomcat/commit/5f00d434c8dc11bd49ce0b4b56fe889839056030
https://github.com/apache/tomcat/commit/78ad0fcbe29c824f1f2e45a4e2716247b033250a
https://github.com/apache/tomcat/commit/ab6a6c41ac972c845717c9d639f0335865afab4d
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
https://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009
https://svn.apache.org/viewvc?view=rev&rev=662583
https://svn.apache.org/viewvc?view=rev&rev=662585
http://support.apple.com/kb/HT3216
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
https://web.archive.org/web/20200514224656/http://www.securityfocus.com/archive/1/507985/100/0/threaded
https://web.archive.org/web/20201208011750/http://www.securityfocus.com/archive/1/492958/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.debian.org/security/2008/dsa-1593
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
http://www.redhat.com/support/errata/RHSA-2008-0648.html
http://www.redhat.com/support/errata/RHSA-2008-0862.html
http://www.redhat.com/support/errata/RHSA-2008-0864.html
http://www.securityfocus.com/archive/1/492958/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/29502
http://www.securityfocus.com/bid/31681
http://www.securitytracker.com/id?1020624
http://www.vmware.com/security/advisories/VMSA-2009-0002.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2008/1725
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2008/2823
http://www.vupen.com/english/advisories/2009/0320
http://www.vupen.com/english/advisories/2009/0503
http://www.vupen.com/english/advisories/2009/3316
446393 https://bugzilla.redhat.com/show_bug.cgi?id=446393
cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
CVE-2008-1947 https://access.redhat.com/security/cve/CVE-2008-1947
CVE-2008-1947 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947
CVE-2008-1947 https://nvd.nist.gov/vuln/detail/CVE-2008-1947
GHSA-f98p-9pp6-7q6c https://github.com/advisories/GHSA-f98p-9pp6-7q6c
RHSA-2008:0648 https://access.redhat.com/errata/RHSA-2008:0648
RHSA-2008:0862 https://access.redhat.com/errata/RHSA-2008:0862
RHSA-2008:0864 https://access.redhat.com/errata/RHSA-2008:0864
RHSA-2008:1007 https://access.redhat.com/errata/RHSA-2008:1007
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://marc.info/?l=bugtraq&m=139344343412337&w=2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at http://secunia.com/advisories/37460
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-1947
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at http://tomcat.apache.org/security-5.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-6.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at http://www.securityfocus.com/archive/1/507985/100/0/threaded
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at http://www.vupen.com/english/advisories/2009/3316
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.93003
EPSS Score 0.05366
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.