Vulnerability in N/a
CVE-2003-0042
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null cha…
EPSS: 0.558 (98.1th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- DSA-246 (vendor-advisory, x_refsource_DEBIAN)
- 6721 (vdb-entry, x_refsource_BID)
- jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/ (x_refsource_CONFIRM)
- 20030130 Apache Jakarta Tomcat 3 URL parsing vulnerability (mailing-list, x_refsource_BUGTRAQ)
- HPSBUX0303-249 (x_refsource_HP, vendor-advisory)
- tomcat-null-directory-listing(11194) (vdb-entry, x_refsource_XF)
- N-060 (government-resource, third-party-advisory, x_refsource_CIAC)
- 7977 (x_refsource_SECUNIA, third-party-advisory)
- 7972 (x_refsource_SECUNIA, third-party-advisory)
- jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.t… (x_refsource_CONFIRM)