CVE-2003-0045

Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/12102

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:tomcat:3.0:::::::*
	cpe:2.3:a:apache:tomcat:3.1:::::::*
	cpe:2.3:a:apache:tomcat:3.1.1:::::::*
	cpe:2.3:a:apache:tomcat:3.2:::::::*
	cpe:2.3:a:apache:tomcat:3.2.1:::::::*
	cpe:2.3:a:apache:tomcat:3.2.3:::::::*
	cpe:2.3:a:apache:tomcat:3.2.4:::::::*
	cpe:2.3:a:apache:tomcat:3.3:::::::*
	cpe:2.3:a:apache:tomcat:3.3.1:::::::*

History

No history.

Information

Published : 2003-02-07 05:00

Updated : 2017-10-10 01:30

NVD link : CVE-2003-0045

Mitre link : CVE-2003-0045

CVE.ORG link : CVE-2003-0045

JSON object : View

Products Affected

apache

tomcat

CWE

NVD-CWE-Other

{"id": "CVE-2003-0045", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-02-07T05:00:00.000", "references": [{"url": "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12102", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp."}, {"lang": "es", "value": "Jakarta Tomcat antes de 3.3.1a en ciertos sistemas Windows puede permitir a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue de hebras y consumici\u00f3n de recursos) mediante peticiones a una p\u00e1gina JSP conteniendo un nombre de dispositivo MS-DOS, como aux.jsp."}], "lastModified": "2017-10-10T01:30:13.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAFF8D91-80A2-454A-8B44-A5A889002692"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEC42876-65AD-476A-8B62-25D4E15D1BB6"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "724A8FF9-8089-4302-8200-08987A712988"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F97DDB7-E32B-422F-8AEA-07C75DEAD36E"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7079F63C-7CA8-4909-A9C8-45C4C1C1C186"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC829C8E-1061-4F62-BA4B-FE5C7F11F209"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "143BA75E-A186-47EF-A18C-B1A1A1F61C00"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0CDF9E1-9412-450E-B1D4-438F128FFF9E"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32561F50-6385-4D71-AFAC-3D2F8DB55A4B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}