CVSS: 7.5EPSS: 2%CPEs: 9EXPL: 0CVE-2003-0043
https://notcve.org/view.php?id=CVE-2003-0043
07 Feb 2003 — Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file. Jakarta Tomcat anteriores a 3.3.1a, cuando se usa con JDK 1.3.1 o anteriores, usa privilegios que le han sido confiados cuando procesa el fichero web.xml, lo que podría permitir a atacantes remotos leer porciones de algunos ficheros mediante el fichero web.xml • http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2003-0045
https://notcve.org/view.php?id=CVE-2003-0045
07 Feb 2003 — Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp. Jakarta Tomcat antes de 3.3.1a en ciertos sistemas Windows puede permitir a atacantes remotos causar una denegación de servicio (cuelgue de hebras y consumición de recursos) mediante peticiones a una página JSP conteniendo un nombre de dispositivo MS-DOS, como aux.jsp. • http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt •
CVSS: 7.5EPSS: 55%CPEs: 9EXPL: 1CVE-2003-0042 – Apache Tomcat 3.x - Null Byte Directory / File Disclosure
https://notcve.org/view.php?id=CVE-2003-0042
29 Jan 2003 — Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character. Jakarta Tomcat antes de 3.3.1a, cuando se usa con JDK 1.3.1 o anterior, permite a atacantes remotos listar directorios incluso cuando un index.html u otro fichero presente mediante una URL conteniendo un carácter nulo. • https://www.exploit-db.com/exploits/22205 •
CVSS: 6.8EPSS: 63%CPEs: 10EXPL: 0CVE-2003-0044
https://notcve.org/view.php?id=CVE-2003-0044
29 Jan 2003 — Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML. Vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en las apliaciones ejemplos y ROOT web en Jakarta Tomcat 3.x a 3.3.1a permite a atacantes remotos ejecutar scripts web arbitrarios • http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a •
CVSS: 7.5EPSS: 32%CPEs: 14EXPL: 3CVE-2002-2006 – Apache Tomcat 4.0/4.1 - Servlet Full Path Disclosure
https://notcve.org/view.php?id=CVE-2002-2006
31 Dec 2002 — The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets. • https://www.exploit-db.com/exploits/21412 •
CVSS: 7.5EPSS: 39%CPEs: 19EXPL: 2CVE-2002-1148 – Apache Tomcat 3/4 - 'DefaultServlet' File Disclosure
https://notcve.org/view.php?id=CVE-2002-1148
11 Oct 2002 — The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. El servlet por defecto (org.apache.catalina.servlets.DefaultServlet) en Tomcat 4.0.4 y 4.1.10 permite a atacantes remotos leer código fuente de ficheros del servidor mediante una petición directa al servlet. • https://www.exploit-db.com/exploits/21853 •
CVSS: 9.1EPSS: 2%CPEs: 1EXPL: 0CVE-2002-0493
https://notcve.org/view.php?id=CVE-2002-0493
12 Aug 2002 — Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions. • http://marc.info/?l=bugtraq&m=101709002410365&w=2 • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2000-1210
https://notcve.org/view.php?id=CVE-2000-1210
22 Mar 2002 — Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp. • http://marc.info/?l=bugtraq&m=95371672300045&w=2 •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2001-1563
https://notcve.org/view.php?id=CVE-2001-1563
31 Dec 2001 — Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers. • http://archives.neohapsis.com/archives/hp/2001-q4/0062.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2001-0829
https://notcve.org/view.php?id=CVE-2001-0829
22 Nov 2001 — A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message. • http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html •