Skip to content

Jakarta Tomcat Directory Listing vulnerability

Moderate severity GitHub Reviewed Published Apr 29, 2022 to the GitHub Advisory Database • Updated Sep 18, 2023

Package

maven org.apache.tomcat:tomcat (Maven)

Affected versions

< 3.3.1a

Patched versions

3.3.1a

Description

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

References

Published by the National Vulnerability Database Feb 7, 2003
Published to the GitHub Advisory Database Apr 29, 2022
Reviewed Sep 18, 2023
Last updated Sep 18, 2023

Severity

Moderate

EPSS score

13.726%
(96th percentile)

Weaknesses

CVE ID

CVE-2003-0042

GHSA ID

GHSA-qfw2-wvrw-mvw4

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.