The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote malicious users to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
Vulnerable Product |
---|
apache tomcat 3.0 |
apache tomcat 3.1 |