CVE-2003-0043

2004-09-0104:00:00

[email protected]

web.nvd.nist.gov

cve-2003-0043

jakarta tomcat

remote attackers

file reading vulnerability

web.xml

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.6%

JSON

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.

Affected configurations

NVD

Node

apachetomcatMatch3.0

apachetomcatMatch3.1

apachetomcatMatch3.1.1

apachetomcatMatch3.2

apachetomcatMatch3.2.1

apachetomcatMatch3.2.3

apachetomcatMatch3.2.4

apachetomcatMatch3.3

apachetomcatMatch3.3.1

CPENameOperatorVersion
apache:tomcatapache tomcateq3.0
apache:tomcatapache tomcateq3.1
apache:tomcatapache tomcateq3.1.1
apache:tomcatapache tomcateq3.2
apache:tomcatapache tomcateq3.2.1
apache:tomcatapache tomcateq3.2.3
apache:tomcatapache tomcateq3.2.4
apache:tomcatapache tomcateq3.3
apache:tomcatapache tomcateq3.3.1

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	3.0
apache:tomcat	apache tomcat	eq	3.1
apache:tomcat	apache tomcat	eq	3.1.1
apache:tomcat	apache tomcat	eq	3.2
apache:tomcat	apache tomcat	eq	3.2.1
apache:tomcat	apache tomcat	eq	3.2.3
apache:tomcat	apache tomcat	eq	3.2.4
apache:tomcat	apache tomcat	eq	3.3
apache:tomcat	apache tomcat	eq	3.3.1