Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-6ss8-442a-3baf
Vulnerability ID VCID-6ss8-442a-3baf
Aliases CVE-2003-0044
GHSA-5hgm-qm5m-5vmw
Summary Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a
generic_textual MODERATE http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
epss 0.27285 https://api.first.org/data/v1/epss?cve=CVE-2003-0044
epss 0.27285 https://api.first.org/data/v1/epss?cve=CVE-2003-0044
epss 0.27285 https://api.first.org/data/v1/epss?cve=CVE-2003-0044
epss 0.27285 https://api.first.org/data/v1/epss?cve=CVE-2003-0044
epss 0.27285 https://api.first.org/data/v1/epss?cve=CVE-2003-0044
epss 0.27285 https://api.first.org/data/v1/epss?cve=CVE-2003-0044
epss 0.27285 https://api.first.org/data/v1/epss?cve=CVE-2003-0044
epss 0.27285 https://api.first.org/data/v1/epss?cve=CVE-2003-0044
apache_tomcat Moderate https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0044
generic_textual MODERATE http://secunia.com/advisories/7972
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/11196
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-5hgm-qm5m-5vmw
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2003-0044
generic_textual MODERATE http://www.ciac.org/ciac/bulletins/n-060.shtml
generic_textual MODERATE http://www.debian.org/security/2003/dsa-246
generic_textual MODERATE http://www.osvdb.org/9203
generic_textual MODERATE http://www.osvdb.org/9204
generic_textual MODERATE http://www.securityfocus.com/advisories/5111
generic_textual MODERATE http://www.securityfocus.com/bid/6720
Reference id Reference type URL
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
https://api.first.org/data/v1/epss?cve=CVE-2003-0044
http://secunia.com/advisories/7972
https://exchange.xforce.ibmcloud.com/vulnerabilities/11196
http://www.ciac.org/ciac/bulletins/n-060.shtml
http://www.debian.org/security/2003/dsa-246
http://www.osvdb.org/9203
http://www.osvdb.org/9204
http://www.securityfocus.com/advisories/5111
http://www.securityfocus.com/bid/6720
CVE-2003-0044 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0044
CVE-2003-0044 https://nvd.nist.gov/vuln/detail/CVE-2003-0044
GHSA-5hgm-qm5m-5vmw https://github.com/advisories/GHSA-5hgm-qm5m-5vmw
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.96367
EPSS Score 0.27285
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:20.862936+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-3.html 38.0.0