- EPSS 3.43%
- Veröffentlicht 22.11.2001 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.
- EPSS 21.84%
- Veröffentlicht 02.08.2001 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
CVE-2000-0759
- EPSS 39.82%
- Veröffentlicht 20.10.2000 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
CVE-2000-0760
- EPSS 33.1%
- Veröffentlicht 20.10.2000 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
- EPSS 3.16%
- Veröffentlicht 20.07.2000 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.