Lucene search
GoogleOSV:DSA-170HistoryOct 04, 2002 - 12:00 a.m.
tomcat4 - source code disclosure
2002-10-0400:00:00
Google
osv.dev
4
0.013 Low
EPSS
Percentile
86.2%
A security vulnerability has been found in all Tomcat 4.x releases.
This problem allows an attacker to use a specially crafted URL to
return the unprocessed source code of a JSP page, or, under special
circumstances, a static resource which would otherwise have been
protected by security constraints, without the need for being properly
authenticated.
This problem has been fixed in version 4.0.3-3woody1 for the current
stable distribution (woody) and in version 4.1.12-1 for the unstable
release (sid). The old stable release (potato) does not contain
tomcat packages. Also, packages for tomcat3 are not vulnerable to
this problem.
We recommend that you upgrade your tomcat package immediately.
References
Related
osv
osv
Apache Tomcat Source Code Disclosure
2022-04-30 18:20:37
tomcat4 - source disclosure
2003-01-09 00:00:00
Apache Tomcat Source Code Disclosure
2022-04-30 18:21:05
github
github
Apache Tomcat Source Code Disclosure
2022-04-30 18:20:37
Apache Tomcat Source Code Disclosure
2022-04-30 18:21:05
cve
cve
CVE-2002-1148
2004-09-01 04:00:00
CVE-2002-1394
2004-09-01 04:00:00
veracode
veracode
Information Disclosure
2018-11-13 03:06:15
tomcat
tomcat
Fixed in Apache Tomcat 4.1.12, 4.0.5
2004-09-01 00:00:00
Fixed in Apache Tomcat 4.1.13, 4.0.6
2004-09-01 00:00:00
nvd
nvd
CVE-2002-1148
2002-10-11 04:00:00
CVE-2002-1394
2003-01-17 05:00:00
nessus
nessus
Debian DSA-170-1 : tomcat4 - source code disclosure
2004-09-29 00:00:00
Debian DSA-225-1 : tomcat4 - source disclosure
2004-09-29 00:00:00
cvelist
cvelist
CVE-2002-1148
2004-09-01 04:00:00
CVE-2002-1394
2004-09-01 04:00:00
debian
debian
openvas
openvas
Debian Security Advisory DSA 225-1 (tomcat4)
2008-01-17 00:00:00
Tomcat 4.x JSP Source Exposure - Active Check
2005-11-03 00:00:00
Debian Security Advisory DSA 225-1 (tomcat4)
2008-01-17 00:00:00