Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2003-0042
Last Modified: 10 Sep 2008 08:05:25
Published: 07 Feb 2003 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2003-0042

Summary

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

Vulnerable Systems

Application

  • Apache Tomcat 3.0

  • Apache Tomcat 3.1

  • Apache Tomcat 3.1.1

  • Apache Tomcat 3.2

  • Apache Tomcat 3.2.1

  • Apache Tomcat 3.2.3

  • Apache Tomcat 3.2.4

  • Apache Tomcat 3.3

  • Apache Tomcat 3.3.1


References

DEBIAN - DSA-246

BUGTRAQ - 20030130 Apache Jakarta Tomcat 3 URL parsing vulnerability

CONFIRM - http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt

CONFIRM - http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

XF - tomcat-null-directory-listing(11194)

BID - 6721

HP - HPSBUX0303-249

CIAC - N-060

SECUNIA - 7977

SECUNIA - 7972


Last Updated: 27 May 2016 10:37:45