CVE-2008-1232
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResp
Related bugs and status
CVE-2008-1232 (Candidate) is related to these bugs:
Bug #112626: unable to install tomcat 5.5 on update ubuntu 7.04
Bug | Summary | In | Importance | Status
---|---|---|---|---
112626 | unable to install tomcat 5.5 on update ubuntu 7.04 | tomcat5.5 (Ubuntu) | Low | Fix Released
Bug #179447: Installation of tomcat5.5 fails if openjdk-6 or a JRE is installed
Bug | Summary | In | Importance | Status
---|---|---|---|---
179447 | Installation of tomcat5.5 fails if openjdk-6 or a JRE is installed | tomcat5.5 (Ubuntu) | Medium | Fix Released
179447 | Installation of tomcat5.5 fails if openjdk-6 or a JRE is installed | tomcat5.5 (Debian) | Unknown | Fix Released
179447 | Installation of tomcat5.5 fails if openjdk-6 or a JRE is installed | tomcat5.5 (Ubuntu Hardy) | High | Fix Released
Bug #212521: Installation fails even if openjdk-6-jdk is installed
Bug | Summary | In | Importance | Status
---|---|---|---|---
212521 | Installation fails even if openjdk-6-jdk is installed | tomcat5.5 (Ubuntu) | Medium | Fix Released
212521 | Installation fails even if openjdk-6-jdk is installed | tomcat5.5 (Debian) | Unknown | Fix Released
212521 | Installation fails even if openjdk-6-jdk is installed | tomcat5.5 (Ubuntu Hardy) | Undecided | Fix Released
Bug #256802: tomcat <6.0.18: Directory Traversal (CVE-2008-2938)
Bug | Summary | In | Importance | Status
---|---|---|---|---
256802 | tomcat <6.0.18: Directory Traversal (CVE-2008-2938) | tomcat6 (Ubuntu) | Undecided | Fix Released
256802 | tomcat <6.0.18: Directory Traversal (CVE-2008-2938) | tomcat5.5 (Ubuntu) | Low | Fix Released
256802 | tomcat <6.0.18: Directory Traversal (CVE-2008-2938) | tomcat6 (Gentoo Linux) | Critical | Invalid
256802 | tomcat <6.0.18: Directory Traversal (CVE-2008-2938) | tomcat5.5 (Debian) | Unknown | Fix Released
256802 | tomcat <6.0.18: Directory Traversal (CVE-2008-2938) | tomcat5.5 (Ubuntu Hardy) | Low | Fix Released
256802 | tomcat <6.0.18: Directory Traversal (CVE-2008-2938) | tomcat6 (Ubuntu Hardy) | Undecided | Invalid
Bug #256922: Information disclosure vulnerability (CVE-2008-2370)
Bug | Summary | In | Importance | Status
---|---|---|---|---
256922 | Information disclosure vulnerability (CVE-2008-2370) | tomcat6 (Ubuntu) | Undecided | Fix Released
256922 | Information disclosure vulnerability (CVE-2008-2370) | tomcat5.5 (Ubuntu) | Medium | Fix Released
256922 | Information disclosure vulnerability (CVE-2008-2370) | tomcat5.5 (Debian) | Unknown | Fix Released
256922 | Information disclosure vulnerability (CVE-2008-2370) | tomcat5.5 (Ubuntu Hardy) | Medium | Fix Released
256922 | Information disclosure vulnerability (CVE-2008-2370) | tomcat6 (Ubuntu Hardy) | Undecided | Invalid
Bug #256926: Cross-site scripting through sendError (CVE-2008-1232)
Bug | Summary | In | Importance | Status
---|---|---|---|---
256926 | Cross-site scripting through sendError (CVE-2008-1232) | tomcat6 (Ubuntu) | Undecided | Fix Released
256926 | Cross-site scripting through sendError (CVE-2008-1232) | tomcat5.5 (Ubuntu) | Low | Fix Released
256926 | Cross-site scripting through sendError (CVE-2008-1232) | tomcat5.5 (Debian) | Unknown | Fix Released
256926 | Cross-site scripting through sendError (CVE-2008-1232) | tomcat5.5 (Ubuntu Hardy) | Low | Fix Released
256926 | Cross-site scripting through sendError (CVE-2008-1232) | tomcat6 (Ubuntu Hardy) | Undecided | Invalid
Bug #260016: Update to Tomcat 6.0.18
Bug | Summary | In | Importance | Status
---|---|---|---|---
260016 | Update to Tomcat 6.0.18 | tomcat6 (Ubuntu) | Wishlist | Fix Released
Bug #270553: Cross-site scripting in host-manager webapp (CVE-2008-1947)
Bug | Summary | In | Importance | Status
---|---|---|---|---
270553 | Cross-site scripting in host-manager webapp (CVE-2008-1947) | tomcat5.5 (Ubuntu) | Low | Invalid
270553 | Cross-site scripting in host-manager webapp (CVE-2008-1947) | tomcat5.5 (Ubuntu Hardy) | Low | Fix Released
Bug #298043: Please merge tomcat5.5 5.5.26-5 (universe) from Debian unstable (main)
Bug | Summary | In | Importance | Status
---|---|---|---|---
298043 | Please merge tomcat5.5 5.5.26-5 (universe) from Debian unstable (main) | tomcat5.5 (Ubuntu) | Wishlist | Fix Released
Bug #298051: tomcat5.5 initscript "status" action always return 0
Bug | Summary | In | Importance | Status
---|---|---|---|---
298051 | tomcat5.5 initscript "status" action always return 0 | tomcat5.5 (Ubuntu) | Low | Fix Released
See the CVE page on Mitre.org for more details.