CVE-2003-0042

high

Description

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/11194

http://www.securityfocus.com/bid/6721

http://www.securityfocus.com/advisories/5111

http://www.debian.org/security/2003/dsa-246

http://www.ciac.org/ciac/bulletins/n-060.shtml

http://secunia.com/advisories/7977

http://secunia.com/advisories/7972

http://marc.info/?l=bugtraq&m=104394568616290&w=2

http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt

http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Details

Source: Mitre, NVD

Published: 2003-02-07

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

Detections

Analytics