GHSA-qfw2-wvrw-mvw4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qfw2-wvrw-mvw4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-qfw2-wvrw-mvw4/GHSA-qfw2-wvrw-mvw4.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qfw2-wvrw-mvw4
- Aliases
-
- CVE-2003-0042
- Published
- 2022-04-29T01:25:43Z
- Modified
- 2023-11-08T03:56:45.038476Z
- Summary
- Jakarta Tomcat Directory Listing vulnerability
- Details
-
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
- Database specific
{ "nvd_published_at": "2003-02-07T05:00:00Z", "cwe_ids": [ "CWE-22" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-09-18T22:43:32Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2003-0042
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11194
- https://github.com/apache/tomcat
- http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a
- http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
- http://marc.info/?l=bugtraq&m=104394568616290&w=2
- http://secunia.com/advisories/7972
- http://secunia.com/advisories/7977
- http://www.ciac.org/ciac/bulletins/n-060.shtml
- http://www.debian.org/security/2003/dsa-246
- http://www.securityfocus.com/advisories/5111
- http://www.securityfocus.com/bid/6721
Affected packages
Maven / org.apache.tomcat:tomcat
Package
- Name
- org.apache.tomcat:tomcat
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat/tomcat