Important: Information disclosure CVE-2003-0043
When used with JDK 1.3.1 or earlier, web.xml files were read with trusted privileges enabling files outside of the web application to be read even when running under a security manager.
Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1
Important: Information disclosure CVE-2003-0042
URLs containing null characters could result in file contents being returned or a directory listing being returned even when a welcome file was defined.
Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1
CPE | Name | Operator | Version |
---|---|---|---|
apache tomcat | eq | 3.0 | |
apache tomcat | ge | 3.1 | |
apache tomcat | le | 3.1.1 | |
apache tomcat | ge | 3.2 | |
apache tomcat | le | 3.2.4 | |
apache tomcat | eq | 3.3a-3.3.1 |