Apache Tomcat 4.0.3, when running on Windows, allows remote malicious users to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache tomcat 4.0.3 |