) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2003-0043 |
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file. Published: February 07, 2003; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2003-0044 |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML. Published: February 07, 2003; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2003-0045 |
Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp. Published: February 07, 2003; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2002-2006 |
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets. Published: December 31, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2002-1148 |
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. Published: October 11, 2002; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2002-0493 |
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions. Published: August 12, 2002; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2000-1210 |
Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp. Published: March 22, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2001-0590 |
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0). Published: August 02, 2001; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2000-0760 |
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension. Published: October 20, 2000; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
| CVE-2000-0672 |
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory. Published: July 20, 2000; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |