Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-246
HistoryJan 29, 2003 - 12:00 a.m.

tomcat - information exposure, cross site scripting

2003-01-2900:00:00
Google
osv.dev
10

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.933 High

EPSS

Percentile

98.6%

JSON

The developers of tomcat discovered several problems in tomcat version
3.x. The Common Vulnerabilities and Exposures project identifies the
following problems:


  • CAN-2003-0042    : A maliciously crafted request could return a
    directory listing even when an index.html, index.jsp, or other
    welcome file is present. File contents can be returned as well.

  • CAN-2003-0043    : A malicious web application could read the contents
    of some files outside the web application via its web.xml file in
    spite of the presence of a security manager. The content of files
    that can be read as part of an XML document would be accessible.

  • CAN-2003-0044    : A cross-site scripting vulnerability was discovered
    in the included sample web application that allows remote attackers
    to execute arbitrary script code.

For the stable distribution (woody) this problem has been fixed in
version 3.3a-4woody.1.

The old stable distribution (potato) does not contain tomcat packages.

For the unstable distribution (sid) this problem has been fixed in
version 3.3.1a-1.

We recommend that you upgrade your tomcat package.

CPENameOperatorVersion
tomcateq3.3a-4woody1

Related

openvas 5
debian 2
nessus 3
tomcat 2
cve 3
cvelist 3
osv 2
github 2
openvas
openvas
Debian Security Advisory DSA 246-1 (tomcat)
2008-01-17 00:00:00
Debian Security Advisory DSA 246-1 (tomcat)
2008-01-17 00:00:00
HP-UX Update for Tomcat HPSBUX00249
2009-05-05 00:00:00
debian
debian
[SECURITY] [DSA 246-1] New tomcat packages fix information exposure and cross site scripting
2003-01-29 15:36:10
[SECURITY] [DSA 246-1] New tomcat packages fix information exposure and cross site scripting
2003-01-29 00:00:00
nessus
nessus
Debian DSA-246-1 : tomcat - information exposure, XSS
2004-09-29 00:00:00
Apache Tomcat Directory Listing and File Disclosure
2003-03-22 00:00:00
Apache Tomcat 3.x < 3.3.2 Multiple Vulnerabilities
2010-11-09 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 3.3.1a
2003-01-27 00:00:00
Fixed in Apache Tomcat 3.3.2
2003-01-27 00:00:00
cve
cve
CVE-2003-0043
2003-02-07 05:00:00
CVE-2003-0042
2003-02-07 05:00:00
CVE-2003-0044
2003-02-07 05:00:00
cvelist
cvelist
CVE-2003-0043
2004-09-01 04:00:00
CVE-2003-0044
2003-01-29 05:00:00
CVE-2003-0042
2003-01-29 05:00:00
osv
osv
Jakarta Tomcat Directory Listing vulnerability
2022-04-29 01:25:43
Jakarta Tomcat cross-site scripting (XSS) vulnerability
2022-04-29 01:25:44
github
github
Jakarta Tomcat Directory Listing vulnerability
2022-04-29 01:25:43
Jakarta Tomcat cross-site scripting (XSS) vulnerability
2022-04-29 01:25:44

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.933 High

EPSS

Percentile

98.6%

JSON
Related for OSV:DSA-246
openvas5debian2nessus3tomcat2cve3cvelist3osv2github2