5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.039 Low
EPSS
Percentile
92.0%
Moderate: Cross site scripting CVE-2001-0829
The default 404 error page does not escape URLs. This allows XSS attacks using specially crafted URLs.
Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1
Moderate: Information disclosure CVE-2001-0590
A specially crafted URL can be used to obtain the source for JSPs.
Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1
CPE | Name | Operator | Version |
---|---|---|---|
apache tomcat | eq | 3.0 | |
apache tomcat | ge | 3.1 | |
apache tomcat | le | 3.1.1 | |
apache tomcat | ge | 3.2 | |
apache tomcat | le | 3.2.1 |