CVE-2003-0043

high

Description

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/11195

http://www.securityfocus.com/bid/6722

http://www.securityfocus.com/advisories/5111

http://www.debian.org/security/2003/dsa-246

http://www.ciac.org/ciac/bulletins/n-060.shtml

http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt

http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Details

Source: Mitre, NVD

Published: 2003-02-07

Updated: 2017-10-10

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

Detections

Analytics