Debian Security Advisory DSA 246-1 (tomcat)

The remote host is missing an update to tomcat announced via advisory DSA 246-1. OpenVAS Vulnerability Test $Id: deb2461.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 246-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

CVE-2003-0042

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character...

CVE-2003-0042

CVE-2003-0042 affects Apache Jakarta Tomcat up to version 3.3.1a when used with JDK 1.3.1 or earlier. The vulnerability lets remote attackers cause directory listings and disclose JSP/source via a URL containing a null character, bypassing index.html or other welcome-file safeguards. Root cause i...

CVE-2003-0042

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character...

Fixed in Apache Tomcat 3.3.1a

Important: Information disclosure CVE-2003-0043 When used with JDK 1.3.1 or earlier, web.xml files were read with trusted privileges enabling files outside of the web application to be read even when running under a security manager. Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1 Important:...