Vulnerabilities > CVE-2003-0044 - Cross-Site Scripting vulnerability in Apache Tomcat Example Web Application

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
apache
nessus
NVD
Published: 2003-02-07
Updated: 2017-07-11

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.

Vulnerable Configurations

Part Description Count
Application
Apache
10

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-246.NASL
    descriptionThe developers of tomcat discovered several problems in tomcat version 3.x. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2003-0042: A maliciously crafted request could return a directory listing even when an index.html, index.jsp, or other welcome file is present. File contents can be returned as well. - CAN-2003-0043: A malicious web application could read the contents of some files outside the web application via its web.xml file in spite of the presence of a security manager. The content of files that can be read as part of an XML document would be accessible. - CAN-2003-0044: A cross-site scripting vulnerability was discovered in the included sample web application that allows remote attackers to execute arbitrary script code.
    last seen2020-06-01
    modified2020-06-02
    plugin id15083
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15083
    titleDebian DSA-246-1 : tomcat - information exposure, XSS
    code
    #%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-246. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15083);
  script_version("1.24");
  script_cvs_date("Date: 2019/08/02 13:32:17");

  script_cve_id("CVE-2003-0042", "CVE-2003-0043", "CVE-2003-0044");
  script_xref(name:"DSA", value:"246");

  script_name(english:"Debian DSA-246-1 : tomcat - information exposure, XSS");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The developers of tomcat discovered several problems in tomcat version
3.x. The Common Vulnerabilities and Exposures project identifies the
following problems :

  - CAN-2003-0042: A maliciously crafted request could
    return a directory listing even when an index.html,
    index.jsp, or other welcome file is present. File
    contents can be returned as well.
  - CAN-2003-0043: A malicious web application could read
    the contents of some files outside the web application
    via its web.xml file in spite of the presence of a
    security manager. The content of files that can be read
    as part of an XML document would be accessible.

  - CAN-2003-0044: A cross-site scripting vulnerability was
    discovered in the included sample web application that
    allows remote attackers to execute arbitrary script
    code."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2003/dsa-246"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the tomcat package.

For the stable distribution (woody) this problem has been fixed in
version 3.3a-4woody.1.


The old stable distribution (potato) does not contain tomcat packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tomcat");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/01/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2003/01/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"libapache-mod-jk", reference:"3.3a-4woody1")) flag++;
if (deb_check(release:"3.0", prefix:"tomcat", reference:"3.3a-4woody1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyWeb Servers
    NASL idTOMCAT_3_3_2.NASL
    descriptionAccording to its self-reported version number, the instance of Apache Tomcat 3.x listening on the remote host is prior to 3.3.2, It is, therefore, affected by multiple vulnerabilities. Unspecified cross-site scripting vulnerabilities exist in the
    last seen2020-03-18
    modified2010-11-09
    plugin id50526
    published2010-11-09
    reporterThis script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50526
    titleApache Tomcat 3.x < 3.3.2 Multiple Vulnerabilities

References