ID CVE-2003-0044
Summary Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 3.0
    cpe:2.3:a:apache:tomcat:3.0
  • Apache Software Foundation Tomcat 3.1
    cpe:2.3:a:apache:tomcat:3.1
  • Apache Software Foundation Tomcat 3.1.1
    cpe:2.3:a:apache:tomcat:3.1.1
  • Apache Software Foundation Tomcat 3.2
    cpe:2.3:a:apache:tomcat:3.2
  • Apache Software Foundation Tomcat 3.2.1
    cpe:2.3:a:apache:tomcat:3.2.1
  • Apache Software Foundation Tomcat 3.2.3
    cpe:2.3:a:apache:tomcat:3.2.3
  • Apache Software Foundation Tomcat 3.2.4
    cpe:2.3:a:apache:tomcat:3.2.4
  • Apache Software Foundation Tomcat 3.3
    cpe:2.3:a:apache:tomcat:3.3
  • Apache Software Foundation Tomcat 3.3.1
    cpe:2.3:a:apache:tomcat:3.3.1
  • Apache Software Foundation Tomcat 3.3.1a
    cpe:2.3:a:apache:tomcat:3.3.1a
CVSS
Base: 6.8 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-246.NASL
    description The developers of tomcat discovered several problems in tomcat version 3.x. The Common Vulnerabilities and Exposures project identifies the following problems:
      - CAN-2003-0042: A maliciously crafted request could return a directory listing even when an index.html, index.jsp, or other welcome file is present. File contents can be returned as well.
      - CAN-2003-0043: A malicious web application could read the contents of some files outside the web application via its web.xml file in spite of the presence of a security manager. The content of files that can be read as part of an XML document would be accessible.
      - CAN-2003-0044: A cross-site scripting vulnerability was discovered in the included sample web application that allows remote attackers to execute arbitrary script code.
    last seen 2018-09-01
    modified 2018-08-09
    plugin id 15083
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15083
    title Debian DSA-246-1 : tomcat - information exposure, XSS
  • NASL family Web Servers
    NASL id TOMCAT_3_3_2.NASL
    description According to its self-reported version number, the instance of Apache Tomcat 3.x listening on the remote host is prior to 3.3.2. It is, therefore, affected by multiple vulnerabilities. Unspecified cross-site scripting vulnerabilities exist in the 'ROOT' and example applications shipped with this version of Tomcat. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2018-09-02
    modified 2018-08-03
    plugin id 50526
    published 2010-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50526
    title Apache Tomcat 3.x < 3.3.2 Multiple Vulnerabilities
refmap via4
bid 6720
ciac N-060
confirm
debian DSA-246
hp HPSBUX0303-249
osvdb
  • 9203
  • 9204
secunia 7972
xf tomcat-web-app-xss(11196)
Last major update 10-09-2008 - 20:05
Published 07-02-2003 - 00:00
Last modified 10-07-2017 - 21:29