CVE-2003-0042

Published: Jan 29, 2003

Modified: Aug 8, 2024

PUBLISHED

Description

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

DSA-246

vendor-advisory

x_refsource_DEBIAN

6721

vdb-entry

x_refsource_BID

http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

x_refsource_CONFIRM

20030130 Apache Jakarta Tomcat 3 URL parsing vulnerability

mailing-list

x_refsource_BUGTRAQ

HPSBUX0303-249

vendor-advisory

x_refsource_HP

tomcat-null-directory-listing(11194)

vdb-entry

x_refsource_XF

N-060

third-party-advisory

government-resource

x_refsource_CIAC

7977

third-party-advisory

x_refsource_SECUNIA

7972

third-party-advisory

x_refsource_SECUNIA

http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2003-0042

Description

Affected Products

References