CVE-2008-1232

Impact: Low
Public Date: 2008-08-01
CWE: CWE-79
Bugzilla: 457597: CVE-2008-1232 tomcat: Cross-Site-Scripting enabled by sendError call

The MITRE CVE dictionary describes this issue as:

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.

Find out more about CVE-2008-1232 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server (jbossweb) | RHSA-2008:0877 | 2008-09-22
Red Hat Certificate System 7.3 for 4AS | RHSA-2010:0602 | 2010-08-04
Red Hat Enterprise Linux 5 (tomcat5) | RHSA-2008:0648 | 2008-08-27
Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server (jbossweb) | RHSA-2008:0877 | 2008-09-22
Red Hat Application Server v2 4AS (tomcat5) | RHSA-2008:0862 | 2008-10-02
Red Hat Satellite 5.0 (RHEL v.4 AS) | RHSA-2008:1007 | 2008-12-08
Red Hat Satellite 5.1 (RHEL v.4 AS) (tomcat5) | RHSA-2008:1007 | 2008-12-08
Red Hat Developer Suite v.3 (AS v.4) (tomcat5) | RHSA-2008:0864 | 2008-10-02
Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS (jbossweb) | RHSA-2008:0877 | 2008-09-22
Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS (jbossweb) | RHSA-2008:0877 | 2008-09-22

CVE description copyright © 2017, The MITRE Corporation
