Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tomcat | Apache | 3.0 (including) | 3.0 (including) |
| Tomcat | Apache | 3.1 (including) | 3.1 (including) |
| Tomcat | Apache | 3.1.1 (including) | 3.1.1 (including) |
| Tomcat | Apache | 3.2 (including) | 3.2 (including) |
| Tomcat | Apache | 3.2.1 (including) | 3.2.1 (including) |
| Tomcat | Apache | 3.2.3 (including) | 3.2.3 (including) |
| Tomcat | Apache | 3.2.4 (including) | 3.2.4 (including) |
| Tomcat | Apache | 3.3 (including) | 3.3 (including) |
| Tomcat | Apache | 3.3.1 (including) | 3.3.1 (including) |
| Tomcat | Apache | 3.3.1a (including) | 3.3.1a (including) |
References
- http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
- http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
- http://secunia.com/advisories/7972
- http://www.ciac.org/ciac/bulletins/n-060.shtml
- http://www.debian.org/security/2003/dsa-246
- http://www.osvdb.org/9203
- http://www.osvdb.org/9204
- http://www.securityfocus.com/advisories/5111
- http://www.securityfocus.com/bid/6720
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11196
- http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
- http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
- http://secunia.com/advisories/7972
- http://www.ciac.org/ciac/bulletins/n-060.shtml
- http://www.debian.org/security/2003/dsa-246
- http://www.osvdb.org/9203
- http://www.osvdb.org/9204
- http://www.securityfocus.com/advisories/5111
- http://www.securityfocus.com/bid/6720
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11196