CVE-2003-0042

Sažetak

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

Reference

http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
http://marc.info/?l=bugtraq&m=104394568616290&w=2
http://secunia.com/advisories/7972
http://secunia.com/advisories/7977
http://www.ciac.org/ciac/bulletins/n-060.shtml
http://www.debian.org/security/2003/dsa-246
http://www.securityfocus.com/advisories/5111
http://www.securityfocus.com/bid/6721
https://exchange.xforce.ibmcloud.com/vulnerabilities/11194

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:29

Objavljeno

07-02-2003 - 05:00