CVE-2008-1232
Apache Tomcat 6.0.16 - 'HttpServletResponse.sendError()' Cross-Site Scripting
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Apache Tomcat 4.1.0 hasta la 4.1.37, 5.5.0 hasta la 5.5.26 y 6.0.0 hasta la 6.0.16, permite a atacantes remotos inyectar arbitrariamente secuencias de comandos web o HTML a través de una cadena manipulada usada en el argumento message del método HttpServletResponse.sendError.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-03-10 CVE Reserved
- 2008-08-01 CVE Published
- 2008-08-01 First Exploit
- 2024-08-07 CVE Updated
- 2024-08-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (67)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/32138 | 2008-08-01 | |
http://www.securityfocus.com/bid/30496 | 2024-08-07 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | >= 4.1.0 <= 4.1.37 Search vendor "Apache" for product "Tomcat" and version " >= 4.1.0 <= 4.1.37" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | >= 5.5.0 <= 5.5.26 Search vendor "Apache" for product "Tomcat" and version " >= 5.5.0 <= 5.5.26" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | >= 6.0.0 <= 6.0.16 Search vendor "Apache" for product "Tomcat" and version " >= 6.0.0 <= 6.0.16" | - |
Affected
|