[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2003-0042Date: (C)2003-02-07   (M)2023-12-22


Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
http://marc.info/?l=bugtraq&m=104394568616290&w=2
BID-6721
SECUNIA-7972
SECUNIA-7977
DSA-246
HPSBUX0303-249
N-060
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
tomcat-null-directory-listing(11194)

CPE    9
cpe:/a:apache:tomcat:3.1
cpe:/a:apache:tomcat:3.2
cpe:/a:apache:tomcat:3.0
cpe:/a:apache:tomcat:3.2.4
...

© SecPod Technologies