{
  "threat_severity" : "Low",
  "public_date" : "2008-06-02T00:00:00Z",
  "bugzilla" : {
    "description" : "Tomcat host manager xss - name field",
    "id" : "446393",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
  },
  "cwe" : "CWE-79",
  "details" : [ "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Developer Suite V.3",
    "release_date" : "2008-10-02T00:00:00Z",
    "advisory" : "RHSA-2008:0864",
    "cpe" : "cpe:/a:redhat:rhel_developer_suite:3",
    "package" : "tomcat5-0:5.5.23-0jpp_12rh"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2008-08-27T00:00:00Z",
    "advisory" : "RHSA-2008:0648",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "tomcat5-0:5.5.23-0jpp.7.el5_2.1"
  }, {
    "product_name" : "Red Hat Network Satellite Server v 5.0",
    "release_date" : "2008-12-08T00:00:00Z",
    "advisory" : "RHSA-2008:1007",
    "cpe" : "cpe:/a:redhat:network_satellite:5.0:el4",
    "package" : "tomcat5-0:5.0.30-0jpp_12rh"
  }, {
    "product_name" : "Red Hat Network Satellite Server v 5.1",
    "release_date" : "2008-12-08T00:00:00Z",
    "advisory" : "RHSA-2008:1007",
    "cpe" : "cpe:/a:redhat:network_satellite:5.1::el4",
    "package" : "tomcat5-0:5.0.30-0jpp_12rh"
  }, {
    "product_name" : "RHAPS Version 2 for RHEL 4",
    "release_date" : "2008-10-02T00:00:00Z",
    "advisory" : "RHSA-2008:0862",
    "cpe" : "cpe:/a:redhat:rhel_application_server:2",
    "package" : "tomcat5-0:5.5.23-0jpp_4rh.9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2008-1947\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-1947" ],
  "name" : "CVE-2008-1947",
  "csaw" : false
}