PublicDate: 2008-06-04 19:32:00 UTC
Candidate: CVE-2008-1947
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947
Description:
 Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through
 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary
 web script or HTML via the name parameter (aka the hostname attribute) to
 host-manager/html/add.
Ubuntu-Description:
Notes:
Bugs:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS: 

Patches_tomcat5:
upstream_tomcat5: needs-triage
dapper_tomcat5: ignored (reached end-of-life)
feisty_tomcat5: needs-triage (reached end-of-life)
gutsy_tomcat5: DNE
hardy_tomcat5: DNE
intrepid_tomcat5: DNE
jaunty_tomcat5: DNE
karmic_tomcat5: DNE
devel_tomcat5: DNE

Patches_tomcat5.5:
 debdiff: http://launchpad.net/bugs/270553
upstream_tomcat5.5: released (5.5.26-3)
dapper_tomcat5.5: DNE
feisty_tomcat5.5: needed (reached end-of-life)
gutsy_tomcat5.5: needed (reached end-of-life)
hardy_tomcat5.5: released (5.5.25-5ubuntu1.1)
intrepid_tomcat5.5: not-affected (5.5.26-3)
jaunty_tomcat5.5: not-affected (5.5.26-3)
karmic_tomcat5.5: DNE
devel_tomcat5.5: DNE