GHSA-qfw2-wvrw-mvw4

Suggest an improvement
Source
https://github.com/advisories/GHSA-qfw2-wvrw-mvw4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-qfw2-wvrw-mvw4/GHSA-qfw2-wvrw-mvw4.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-qfw2-wvrw-mvw4
Aliases
  • CVE-2003-0042
Published
2022-04-29T01:25:43Z
Modified
2023-11-01T05:28:13.425587Z
Summary
Jakarta Tomcat Directory Listing vulnerability
Details

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

Database specific
{
    "nvd_published_at": "2003-02-07T05:00:00Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-18T22:43:32Z"
}
References

Affected packages

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.1a