Описание
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02561
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
больше 22 лет назад
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, use ...
github
около 3 лет назад
Tomcat uses trusted privileges when processing web.xml file
EPSS
Процентиль: 85%
0.02561
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other