GHSA-x445-mmpw-7r4f

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-x445-mmpw-7r4f/GHSA-x445-mmpw-7r4f.json

Aliases

CVE-2001-0590

Published

2022-04-30T18:16:22Z

Modified

2023-09-18T22:36:52Z

Details

Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).

References

https://nvd.nist.gov/vuln/detail/CVE-2001-0590
https://exchange.xforce.ibmcloud.com/vulnerabilities/6971
https://web.archive.org/web/20020711002734/http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html

Affected packages

Maven / org.apache.tomcat:tomcat-servlet-api

Source Details

Package Name: org.apache.tomcat:tomcat-servlet-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.2.2

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}