Summary
Tomcat 4.0.4 and 4.1.10 (and probably all earlier versions) are vulnerable to source code exposure through the default servlet, org.apache.catalina.servlets.DefaultServlet.
Solution
Upgrade to the latest releases, 4.0.5 and 4.1.12.
See http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/ for the latest releases.
Severity
Classification
- CVE: CVE-2002-1148
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Related Vulnerabilities
- Apache Archiva Multiple Vulnerabilities
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability