Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:29014
HistoryJan 15, 2021 - 6:04 a.m.

Information Disclosure

2021-01-1506:04:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8

EPSS

0.002

Percentile

61.5%

apache tomcat is vulnerable to information disclosure. Security constraints can be bypassed to obtain and view JSP source code in certain configurations, when serving resources from a network location using the NTFS file system. The vulnerability is caused by the insufficient validation for the : character in the file path.

References