Vulnerabilities > CVE-2001-0829 - Unspecified vulnerability in Apache Tomcat 3.2.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN apache
nessus
Summary
A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Web Servers |
| NASL id | TOMCAT_3_2_2.NASL |
| description | The instance of Apache Tomcat 3.x listening on the remote host is affected by a cross-site scripting vulnerability. An attacker is able to embed JavaScript into a request for a JSP file creating an error condition. The request is not sanitized before being displayed on the application error page. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 50448 |
| published | 2010-11-02 |
| reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/50448 |
| title | Apache Tomcat 3.x < 3.2.2 JSP Error Condition XSS |
References
- http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html
- http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html
- http://jakarta.apache.org/tomcat/tomcat-3.2-doc/readme
- http://jakarta.apache.org/tomcat/tomcat-3.2-doc/readme
- http://www.securityfocus.com/bid/2982
- http://www.securityfocus.com/bid/2982