Summary
Apache Tomcat (prior to 3.3.1a) is prone to a directory listing and file disclosure vulnerability, it allows remote attackers to potentially list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file.
Solution
Upgrade to Tomcat 4.1.18 or newer version.
Severity
Classification
-
CVE CVE-2003-0042 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- Apache Struts Directory Traversal Vulnerability
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- @Mail 'admin.php' Cross-Site Scripting Vulnerabilities
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability