Apache Tomcat Source.jsp Malformed Request Information Disclosure Network Vulnerability

Summary

The source.jsp file, distributed with Apache Tomcat server, will disclose information when passed a malformed request. As a result, information such as the web root path and directory listings could be obtained. Example: http://target/examples/jsp/source.jsp?? - reveals the web root http://target/examples/jsp/source.jsp?/jsp/ - reveals the contents of the jsp directory

Solution

Remove default files from the web server

References

http://www.securityfocus.com/bid/4876

Updated on 2015-03-25

Severity

Classification

CVE CVE-2000-1210

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Archiva Multiple Vulnerabilities
Adobe ColdFusion HTTP Response Splitting Vulnerability
Apache Tomcat DOS Device Name XSS
Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
Allaire JRun directory browsing vulnerability

Apache Tomcat source.jsp malformed request information disclosure

Take action and discover your vulnerabilities