Jakarta Tomcat prior to 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote malicious users to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache tomcat 3.0 |
||
apache tomcat 3.1 |
||
apache tomcat 3.1.1 |
||
apache tomcat 3.2 |
||
apache tomcat 3.2.1 |
||
apache tomcat 3.2.3 |
||
apache tomcat 3.2.4 |
||
apache tomcat 3.3 |
||
apache tomcat 3.3.1 |