Vulnerability details: VCID-3yb9-9j6r-aaaf
Vulnerability ID VCID-3yb9-9j6r-aaaf
Aliases CVE-2003-0044
GHSA-5hgm-qm5m-5vmw
Summary Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Weaknesses (3)
System Score Found at
generic_textual MODERATE http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a
generic_textual MODERATE http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
epss 0.57828 https://api.first.org/data/v1/epss?cve=CVE-2003-0044
epss 0.62384 https://api.first.org/data/v1/epss?cve=CVE-2003-0044
epss 0.6363 https://api.first.org/data/v1/epss?cve=CVE-2003-0044
epss 0.66906 https://api.first.org/data/v1/epss?cve=CVE-2003-0044
epss 0.92191 https://api.first.org/data/v1/epss?cve=CVE-2003-0044
apache_tomcat Moderate https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0044
generic_textual MODERATE http://secunia.com/advisories/7972
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/11196
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-5hgm-qm5m-5vmw
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2003-0044
generic_textual MODERATE http://www.ciac.org/ciac/bulletins/n-060.shtml
generic_textual MODERATE http://www.debian.org/security/2003/dsa-246
generic_textual MODERATE http://www.osvdb.org/9203
generic_textual MODERATE http://www.osvdb.org/9204
generic_textual MODERATE http://www.securityfocus.com/advisories/5111
generic_textual MODERATE http://www.securityfocus.com/bid/6720
Reference id Reference type URL
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
https://api.first.org/data/v1/epss?cve=CVE-2003-0044
http://secunia.com/advisories/7972
https://exchange.xforce.ibmcloud.com/vulnerabilities/11196
http://www.ciac.org/ciac/bulletins/n-060.shtml
http://www.debian.org/security/2003/dsa-246
http://www.osvdb.org/9203
http://www.osvdb.org/9204
http://www.securityfocus.com/advisories/5111
http://www.securityfocus.com/bid/6720
cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.3.1a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*
CVE-2003-0044 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0044
CVE-2003-0044 https://nvd.nist.gov/vuln/detail/CVE-2003-0044
GHSA-5hgm-qm5m-5vmw https://github.com/advisories/GHSA-5hgm-qm5m-5vmw
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2003-0044
Access Vector (AV) network
Access Complexity (AC) medium
Authentication (Au) none
Confidentiality Impact (C) partial
Integrity Impact (I) partial
Availability Impact (A) partial
Exploit Prediction Scoring System (EPSS)
Percentile 0.9802
EPSS Score 0.57828
Published At June 8, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.