Summary
The source.jsp file, distributed with the Apache Tomcat server, discloses information when passed a malformed request. As a result, information such as the web root path and directory listings can be obtained.
Example:
- http://target/examples/jsp/source.jsp?? reveals the web root
- http://target/examples/jsp/source.jsp?/jsp/ reveals the contents of the jsp directory
Solution
Remove default files from the web server
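To confirm the default file is gone and to see whether it was requested earlier, the following added example (not part of the original advisory) scans access log lines for the two request forms shown above. It assumes Common/Combined Log Format; the function names, labels and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: access logs use Common/Combined Log Format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+)[^"]*" (\d{3})')
SOURCE_JSP = "/examples/jsp/source.jsp"  # path taken from the advisory

def classify(target):
    """Label a request target that touches source.jsp, else return None."""
    path, _, query = target.partition("?")
    if not unquote(path).endswith(SOURCE_JSP):
        return None
    query = unquote(query)  # decode once so %3F / %2F forms are matched too
    if query.startswith("?"):
        return "web-root-disclosure"   # the "source.jsp??" form
    if query.startswith("/"):
        return "directory-listing"     # the "source.jsp?/jsp/" form
    return "default-file-access"       # file requested without either pattern

def scan(lines):
    """Return (client, status, label, target) for every matching log line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, target, status = m.groups()
        label = classify(target)
        if label:
            findings.append((client, int(status), label, target))
    return findings

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Mar/2015:10:00:01 +0000] "GET /index.jsp HTTP/1.1" 200 1043',
    '198.51.100.7 - - [25/Mar/2015:10:00:05 +0000] "GET /examples/jsp/source.jsp?? HTTP/1.1" 200 512',
    '198.51.100.7 - - [25/Mar/2015:10:00:06 +0000] "GET /examples/jsp/source.jsp?/jsp/ HTTP/1.1" 200 2290',
    '198.51.100.7 - - [25/Mar/2015:10:00:07 +0000] "GET /examples/jsp/source.jsp?%2Fjsp%2F HTTP/1.1" 404 0',
    '192.0.2.33 - - [25/Mar/2015:10:02:11 +0000] "GET /examples/jsp/source.jsp HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for client, status, label, target in scan(SAMPLE_LOG):
        print(f"{client} {status} {label} {target}")
```

A 200 status on any finding means source.jsp is still deployed; after the default files are removed, the same requests should return 404.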
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2000-1210
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Tomcat Login Constraints Security Bypass Vulnerability
- Apache Tomcat Directory Listing and File disclosure
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14