5

CVE-2003-0042

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Version3.0
ApacheTomcat Version3.1
ApacheTomcat Version3.1.1
ApacheTomcat Version3.2
ApacheTomcat Version3.2.1
ApacheTomcat Version3.2.3
ApacheTomcat Version3.2.4
ApacheTomcat Version3.3
ApacheTomcat Version3.3.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 46.04% 0.987
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
Vendor Advisory
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
Vendor Advisory
http://marc.info/?l=bugtraq&m=104394568616290&w=2
http://secunia.com/advisories/7972
http://secunia.com/advisories/7977
http://www.ciac.org/ciac/bulletins/n-060.shtml
http://www.debian.org/security/2003/dsa-246
Patch
Vendor Advisory
http://www.securityfocus.com/advisories/5111
http://www.securityfocus.com/bid/6721
https://exchange.xforce.ibmcloud.com/vulnerabilities/11194