Moderate severityNVD Advisory· Published Feb 7, 2003· Updated Jun 16, 2026
CVE-2003-0044
CVE-2003-0044
Description
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.tomcat:tomcatMaven | >= 3.0, < 3.3.2 | 3.3.2 |
Affected products
11cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
13- www.debian.org/security/2003/dsa-246nvdPatchVendor AdvisoryWEB
- jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/nvdVendor Advisory
- jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txtnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-5hgm-qm5m-5vmwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2003-0044ghsaADVISORY
- jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1aghsaWEB
- secunia.com/advisories/7972nvdWEB
- www.ciac.org/ciac/bulletins/n-060.shtmlnvdWEB
- www.osvdb.org/9203nvdWEB
- www.osvdb.org/9204nvdWEB
- www.securityfocus.com/advisories/5111nvdWEB
- www.securityfocus.com/bid/6720nvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/11196nvdWEB
News mentions
0No linked articles in our index yet.