GitHub Advisory DatabaseGHSA-QFW2-WVRW-MVW4

HistoryApr 29, 2022 - 1:25 a.m.

Jakarta Tomcat Directory Listing vulnerability

2022-04-2901:25:43

CWE-22

GitHub Advisory Database

github.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.137 Low

EPSS

Percentile

95.7%

JSON

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

Affected configurations

Vulners

Node

org.apache.tomcat\Matchtomcat

CPENameOperatorVersion
org.apache.tomcat:tomcatlt3.3.1a

CPE	Name	Operator	Version
	org.apache.tomcat:tomcat	lt	3.3.1a

References

jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt

marc.info/?l=bugtraq&m=104394568616290&w=2

secunia.com/advisories/7972

secunia.com/advisories/7977

www.ciac.org/ciac/bulletins/n-060.shtml

www.debian.org/security/2003/dsa-246

www.securityfocus.com/advisories/5111

www.securityfocus.com/bid/6721

exchange.xforce.ibmcloud.com/vulnerabilities/11194

github.com/advisories/GHSA-qfw2-wvrw-mvw4

nvd.nist.gov/vuln/detail/CVE-2003-0042

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.137 Low

EPSS

Percentile

95.7%

JSON

Related for GHSA-QFW2-WVRW-MVW4