Vulnerability Details CVE-2003-0044
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.273
EPSS Ranking 96.2%
CVSS Severity
CVSS v2 Score 6.8
References
- http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
- http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
- http://secunia.com/advisories/7972
- http://www.ciac.org/ciac/bulletins/n-060.shtml
- http://www.debian.org/security/2003/dsa-246
- http://www.osvdb.org/9203
- http://www.osvdb.org/9204
- http://www.securityfocus.com/advisories/5111
- http://www.securityfocus.com/bid/6720
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11196
- http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
- http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
- http://secunia.com/advisories/7972
- http://www.ciac.org/ciac/bulletins/n-060.shtml
- http://www.debian.org/security/2003/dsa-246
- http://www.osvdb.org/9203
- http://www.osvdb.org/9204
- http://www.securityfocus.com/advisories/5111
- http://www.securityfocus.com/bid/6720
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11196
Products affected by CVE-2003-0044
-
cpe:2.3:a:apache:tomcat:3.0
-
cpe:2.3:a:apache:tomcat:3.1
-
cpe:2.3:a:apache:tomcat:3.1.1
-
cpe:2.3:a:apache:tomcat:3.2
-
cpe:2.3:a:apache:tomcat:3.2.1
-
cpe:2.3:a:apache:tomcat:3.2.3
-
cpe:2.3:a:apache:tomcat:3.2.4
-
cpe:2.3:a:apache:tomcat:3.3
-
cpe:2.3:a:apache:tomcat:3.3.1
-
cpe:2.3:a:apache:tomcat:3.3.1a