Lucene search
Apache TomcatTOMCAT:DC9BD9085F31543CB380654E610AA381HistoryMar 09, 2002 - 12:00 a.m.
Fixed in Apache Tomcat 3.2.2
2002-03-0900:00:00
Apache Tomcat
tomcat.apache.org
11
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.039 Low
EPSS
Percentile
92.0%
Moderate: Cross site scripting CVE-2001-0829
The default 404 error page does not escape URLs. This allows XSS attacks using specially crafted URLs.
Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1
Moderate: Information disclosure CVE-2001-0590
A specially crafted URL can be used to obtain the source for JSPs.
Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache tomcat | eq | 3.0 | |
| apache tomcat | ge | 3.1 | |
| apache tomcat | le | 3.1.1 | |
| apache tomcat | ge | 3.2 | |
| apache tomcat | le | 3.2.1 |
Related
nessus
nessus
Apache Tomcat 3.x < 3.2.2 JSP Error Condition XSS
2010-11-02 00:00:00
Apache Tomcat 3.x < 3.2.2 Malformed URL JSP Source Disclosure
2010-10-26 00:00:00
osv
osv
Apache Tomcat allows webmasters to insert xss into error messages
2022-04-30 18:16:47
Apache Tomcat Allows Source Disclosure
2022-04-30 18:16:22
github
github
Apache Tomcat allows webmasters to insert xss into error messages
2022-04-30 18:16:47
Apache Tomcat Allows Source Disclosure
2022-04-30 18:16:22
nvd
nvd
CVE-2001-0829
2001-12-06 05:00:00
CVE-2001-0590
2001-08-02 04:00:00
cert
cert
cve
cve
CVE-2001-0829
2001-12-06 05:00:00
CVE-2001-0590
2002-03-09 05:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2019-03-25 08:40:44
cvelist
cvelist
CVE-2001-0829
2001-11-22 05:00:00
CVE-2001-0590
2002-03-09 05:00:00
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.039 Low
EPSS
Percentile
92.0%
Related for TOMCAT:DC9BD9085F31543CB380654E610AA381