CVE-2003-0042

2003-02-0705:00:00

[email protected]

web.nvd.nist.gov

cve-2003-0042

jakarta tomcat

vulnerability

remote attackers

directory listing

jsp source code

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.137 Low

EPSS

Percentile

95.7%

JSON

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

Affected configurations

NVD

Node

apachetomcatMatch3.0

apachetomcatMatch3.1

apachetomcatMatch3.1.1

apachetomcatMatch3.2

apachetomcatMatch3.2.1

apachetomcatMatch3.2.3

apachetomcatMatch3.2.4

apachetomcatMatch3.3

apachetomcatMatch3.3.1

CPENameOperatorVersion
apache:tomcatapache tomcateq3.0
apache:tomcatapache tomcateq3.1
apache:tomcatapache tomcateq3.1.1
apache:tomcatapache tomcateq3.2
apache:tomcatapache tomcateq3.2.1
apache:tomcatapache tomcateq3.2.3
apache:tomcatapache tomcateq3.2.4
apache:tomcatapache tomcateq3.3
apache:tomcatapache tomcateq3.3.1

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	3.0
apache:tomcat	apache tomcat	eq	3.1
apache:tomcat	apache tomcat	eq	3.1.1
apache:tomcat	apache tomcat	eq	3.2
apache:tomcat	apache tomcat	eq	3.2.1
apache:tomcat	apache tomcat	eq	3.2.3
apache:tomcat	apache tomcat	eq	3.2.4
apache:tomcat	apache tomcat	eq	3.3
apache:tomcat	apache tomcat	eq	3.3.1