Description
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
Remediation
References