PT-2003-1329 · Apache · Jakarta Tomcat+1

Published: 2003-01-29 · Updated: 2022-04-29 · CVE-2003-0044

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Jakarta Tomcat versions 3.x through 3.3.1a

Description

The issue concerns multiple cross-site scripting (XSS) vulnerabilities found in the examples and ROOT web applications. These vulnerabilities allow remote attackers to insert arbitrary web script or HTML. It is noted that the examples web application should not be installed on production servers due to these vulnerabilities.

Recommendations

For Jakarta Tomcat versions 3.x through 3.3.1a, consider uninstalling the examples web application to minimize the risk of exploitation, especially on production servers. As a temporary workaround, restrict access to the ROOT web application and the examples web application until a fix is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2003-0044
DSA-246
GHSA-5HGM-QM5M-5VMW

Affected Products

Apache Tomcat
Jakarta Tomcat