Debian Security Advisory DSA 225-1 (tomcat4)

The remote host is missing an update to tomcat4 announced via advisory DSA 225-1. OpenVAS Vulnerability Test $Id: deb2251.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 225-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian DSA-225-1 : tomcat4 - source disclosure

A security vulnerability has been confirmed to exist in Apache Tomcat 4.0.x releases, which allows to use a specially crafted URL to return the unprocessed source of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by a security constraint,...

CVE-2002-1394

Apache Tomcat 4.x: vulnerability allows remote disclosure of server source code when using both the invoker servlet and the default servlet (Tomcat 4.0.5 and earlier). Root cause is exposure of server files through misconfigured/default servlet handling; impact is read access to source code and p...

CVE-2002-1394

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...

Fixed in Apache Tomcat 4.1.13, 4.0.6

Important: Information disclosure CVE-2002-1394 A specially crafted URL using the invoker servlet in conjunction with the default servlet can enable an attacker to obtain the source of JSP pages or, under special circumstances, a static resource that would otherwise have been protected by a...