Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:apache:tomcat:3.3.2:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 22 matching records.
Displaying matches 21 through 22.
Vuln ID Summary CVSS Severity
CVE-2005-4838

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.

Published: December 31, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2002-0493

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Published: August 12, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH