cve-2003-0042
Vulnerability from cvelistv5
Published
2003-01-29 05:00
Modified
2024-08-08 01:43
Severity
Summary
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
References
SourceURLTags
cve@mitre.orghttp://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/Vendor Advisory
cve@mitre.orghttp://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txtVendor Advisory
cve@mitre.orghttp://marc.info/?l=bugtraq&m=104394568616290&w=2
cve@mitre.orghttp://secunia.com/advisories/7972
cve@mitre.orghttp://secunia.com/advisories/7977
cve@mitre.orghttp://www.ciac.org/ciac/bulletins/n-060.shtml
cve@mitre.orghttp://www.debian.org/security/2003/dsa-246Patch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/advisories/5111
cve@mitre.orghttp://www.securityfocus.com/bid/6721
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/11194
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:43:35.163Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-246",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-246"
          },
          {
            "name": "6721",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6721"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/"
          },
          {
            "name": "20030130 Apache Jakarta Tomcat 3 URL parsing vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104394568616290\u0026w=2"
          },
          {
            "name": "HPSBUX0303-249",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/advisories/5111"
          },
          {
            "name": "tomcat-null-directory-listing(11194)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11194"
          },
          {
            "name": "N-060",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/n-060.shtml"
          },
          {
            "name": "7977",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/7977"
          },
          {
            "name": "7972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/7972"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-01-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-246",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-246"
        },
        {
          "name": "6721",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6721"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/"
        },
        {
          "name": "20030130 Apache Jakarta Tomcat 3 URL parsing vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104394568616290\u0026w=2"
        },
        {
          "name": "HPSBUX0303-249",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/advisories/5111"
        },
        {
          "name": "tomcat-null-directory-listing(11194)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11194"
        },
        {
          "name": "N-060",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/n-060.shtml"
        },
        {
          "name": "7977",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/7977"
        },
        {
          "name": "7972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/7972"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0042",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-246",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-246"
            },
            {
              "name": "6721",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6721"
            },
            {
              "name": "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/",
              "refsource": "CONFIRM",
              "url": "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/"
            },
            {
              "name": "20030130 Apache Jakarta Tomcat 3 URL parsing vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104394568616290\u0026w=2"
            },
            {
              "name": "HPSBUX0303-249",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/advisories/5111"
            },
            {
              "name": "tomcat-null-directory-listing(11194)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11194"
            },
            {
              "name": "N-060",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/n-060.shtml"
            },
            {
              "name": "7977",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/7977"
            },
            {
              "name": "7972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/7972"
            },
            {
              "name": "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt",
              "refsource": "CONFIRM",
              "url": "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0042",
    "datePublished": "2003-01-29T05:00:00",
    "dateReserved": "2003-01-27T00:00:00",
    "dateUpdated": "2024-08-08T01:43:35.163Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2003-0042\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2003-02-07T05:00:00.000\",\"lastModified\":\"2017-07-11T01:29:27.180\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.\"},{\"lang\":\"es\",\"value\":\"Jakarta Tomcat antes de 3.3.1a, cuando se usa con JDK 1.3.1 o anterior, permite a atacantes remotos listar directorios incluso cuando un index.html u otro fichero presente mediante una URL conteniendo un car\u00e1cter nulo.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAFF8D91-80A2-454A-8B44-A5A889002692\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEC42876-65AD-476A-8B62-25D4E15D1BB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"724A8FF9-8089-4302-8200-08987A712988\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F97DDB7-E32B-422F-8AEA-07C75DEAD36E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7079F63C-7CA8-4909-A9C8-45C4C1C1C186\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC829C8E-1061-4F62-BA4B-FE5C7F11F209\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"143BA75E-A186-47EF-A18C-B1A1A1F61C00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0CDF9E1-9412-450E-B1D4-438F128FFF9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32561F50-6385-4D71-AFAC-3D2F8DB55A4B\"}]}]}],\"references\":[{\"url\":\"http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=104394568616290\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/7972\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/7977\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ciac.org/ciac/bulletins/n-060.shtml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2003/dsa-246\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/advisories/5111\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/6721\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/11194\",\"source\":\"cve@mitre.org\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.