CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2003-0045
https://notcve.org/view.php?id=CVE-2003-0045
07 Feb 2003 — Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp. Jakarta Tomcat antes de 3.3.1a en ciertos sistemas Windows puede permitir a atacantes remotos causar una denegación de servicio (cuelgue de hebras y consumición de recursos) mediante peticiones a una página JSP conteniendo un nombre de dispositivo MS-DOS, como aux.jsp. • http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2003-0043
https://notcve.org/view.php?id=CVE-2003-0043
07 Feb 2003 — Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file. Jakarta Tomcat anteriores a 3.3.1a, cuando se usa con JDK 1.3.1 o anteriores, usa privilegios que le han sido confiados cuando procesa el fichero web.xml, lo que podría permitir a atacantes remotos leer porciones de algunos ficheros mediante el fichero web.xml • http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a •
CVSS: 7.5EPSS: 5%CPEs: 9EXPL: 1CVE-2003-0042 – Apache Tomcat 3.x - Null Byte Directory / File Disclosure
https://notcve.org/view.php?id=CVE-2003-0042
29 Jan 2003 — Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character. Jakarta Tomcat antes de 3.3.1a, cuando se usa con JDK 1.3.1 o anterior, permite a atacantes remotos listar directorios incluso cuando un index.html u otro fichero presente mediante una URL conteniendo un carácter nulo. • https://www.exploit-db.com/exploits/22205 •
CVSS: 6.8EPSS: 66%CPEs: 10EXPL: 0CVE-2003-0044
https://notcve.org/view.php?id=CVE-2003-0044
29 Jan 2003 — Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML. Vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en las apliaciones ejemplos y ROOT web en Jakarta Tomcat 3.x a 3.3.1a permite a atacantes remotos ejecutar scripts web arbitrarios • http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 3CVE-2002-2006 – Apache Tomcat 4.0/4.1 - Servlet Full Path Disclosure
https://notcve.org/view.php?id=CVE-2002-2006
31 Dec 2002 — The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets. • https://www.exploit-db.com/exploits/21412 •
CVSS: 7.5EPSS: 2%CPEs: 19EXPL: 2CVE-2002-1148 – Apache Tomcat 3/4 - 'DefaultServlet' File Disclosure
https://notcve.org/view.php?id=CVE-2002-1148
11 Oct 2002 — The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. El servlet por defecto (org.apache.catalina.servlets.DefaultServlet) en Tomcat 4.0.4 y 4.1.10 permite a atacantes remotos leer código fuente de ficheros del servidor mediante una petición directa al servlet. • https://www.exploit-db.com/exploits/21853 •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0493
https://notcve.org/view.php?id=CVE-2002-0493
12 Aug 2002 — Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions. • http://marc.info/?l=bugtraq&m=101709002410365&w=2 • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2000-1210
https://notcve.org/view.php?id=CVE-2000-1210
22 Mar 2002 — Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp. • http://marc.info/?l=bugtraq&m=95371672300045&w=2 •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2001-0590 – Apache Tomcat 3.0 - Directory Traversal
https://notcve.org/view.php?id=CVE-2001-0590
02 Aug 2001 — Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0). • https://www.exploit-db.com/exploits/20716 •
CVSS: 7.5EPSS: 19%CPEs: 2EXPL: 2CVE-2000-0760 – Tomcat 3.0/3.1 Snoop Servlet - Information Disclosure
https://notcve.org/view.php?id=CVE-2000-0760
21 Sep 2000 — The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension. • https://www.exploit-db.com/exploits/20132 •