CVE-2001-0590

EPSS 48.3%

Apache Tomcat Allows Source Disclosure

Published: 4/30/2022Modified: 11/8/2023

Description

Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).

Affected packages (1)

Maven/org.apache.tomcat:tomcat-servlet-apifrom 0, < 3.2.2

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2001-0590
WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/6971
WEBhttps://web.archive.org/web/20020711002734/http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html