PT-2001-1997 · Apache · Apache Tomcat

Published: 2001-11-22 · Updated: 2022-04-30 · CVE-2001-0829

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Apache Tomcat version 3.2.1

Description

A cross-site scripting issue allows a malicious webmaster to embed JavaScript in a request for a .JSP file, causing the JavaScript to be inserted into an error message. The default 404 error page does not escape URLs, enabling XSS attacks using specially crafted URLs.

Recommendations

For Apache Tomcat version 3.2.1, consider modifying the default 404 error page to properly escape URLs as a temporary workaround. Restrict access to .JSP files to minimize the risk of exploitation until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2001-0829
GHSA-58HJ-575G-5J25

Affected Products

Apache Tomcat