Debian Security Advisory DSA 225-1 (tomcat4)

The remote host is missing an update to tomcat4 announced via advisory DSA 225-1. OpenVAS Vulnerability Test $Id: deb2251.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 225-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

CVE-2002-1148

CVE-2002-1148 refers to a vulnerability in Apache Tomcat where the default servlet (org.apache.catalina.servlets.DefaultServlet) on Tomcat 4.0.4, 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. Connected sources (GHSA and OSS/ID...

CVE-2002-1148

The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...

Fixed in Apache Tomcat 4.1.12, 4.0.5

Important: Information disclosure CVE-2002-1148 A specially crafted URL using the default servlet can enable an attacker to obtain the source of JSP pages. Affects: 4.0.0-4.0.4, 4.1.0-4.1.11...