5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.5 Medium
AI Score
Confidence
Low
0.137 Low
EPSS
Percentile
95.7%
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
marc.info/?l=bugtraq&m=104394568616290&w=2
secunia.com/advisories/7972
secunia.com/advisories/7977
www.ciac.org/ciac/bulletins/n-060.shtml
www.debian.org/security/2003/dsa-246
www.securityfocus.com/advisories/5111
www.securityfocus.com/bid/6721
exchange.xforce.ibmcloud.com/vulnerabilities/11194