CVE-2003-0042
EPSS 55.8%tomcat - information exposure, cross site scripting
發布日:2022/4/29修改日:2026/3/9
描述
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
受影響套件(2)
- Debian/tomcatfrom 0, < 3.3a-4woody.1
- Maven/org.apache.tomcat:tomcatfrom 0, < 3.3.1a
參考連結(12)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2003-0042
- PATCHhttps://github.com/apache/tomcat
- WEBhttp://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a
- WEBhttp://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
- WEBhttp://marc.info/?l=bugtraq&m=104394568616290&w=2
- WEBhttp://secunia.com/advisories/7972
- WEBhttp://secunia.com/advisories/7977
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/11194
- WEBhttp://www.ciac.org/ciac/bulletins/n-060.shtml
- WEBhttp://www.debian.org/security/2003/dsa-246
- WEBhttp://www.securityfocus.com/advisories/5111
- WEBhttp://www.securityfocus.com/bid/6721