5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.013 Low
EPSS
Percentile
86.0%
Low: Information disclosure CVE-2002-2009, CVE-2001-0917
Requests for JSP files where the file name is preceded by ‘+/’, ‘>/’, ‘</’ or ‘%20/’ or a request for a JSP with a long file name would result in in an error page that included the full file system path to the JSP file.
Affects: 4.0.0-4.0.1
CPE | Name | Operator | Version |
---|---|---|---|
apache tomcat | ge | 4.0.0 | |
apache tomcat | le | 4.0.1 |