Описание
Jakarta Tomcat Directory Listing vulnerability
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2003-0042
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11194
- http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a
- http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
- http://marc.info/?l=bugtraq&m=104394568616290&w=2
- http://secunia.com/advisories/7972
- http://secunia.com/advisories/7977
- http://www.ciac.org/ciac/bulletins/n-060.shtml
- http://www.debian.org/security/2003/dsa-246
- http://www.securityfocus.com/advisories/5111
- http://www.securityfocus.com/bid/6721
Пакеты
Наименование
org.apache.tomcat:tomcat
maven
Затронутые версииВерсия исправления
< 3.3.1a
3.3.1a
Связанные уязвимости
nvd
больше 22 лет назад
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
debian
больше 22 лет назад
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, all ...