Published: 07/02/2003 Updated: 10/10/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Jakarta Tomcat prior to 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.

Affected Products

Vendor Product Versions
ApacheTomcat3.0, 3.1, 3.1.1, 3.2, 3.2.1, 3.2.3, 3.2.4, 3.3, 3.3.1

Vendor Advisories

The developers of tomcat discovered several problems in tomcat version 3x The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2003-0042: A maliciously crafted request could return a directory listing even when an indexhtml, indexjsp, or other welcome file is present File contents can be returned as we ...