Apache Tomcat 4.0.x < 4.0.5 / 4.1.x < 4.1.11 JSP Source Code Disclosure

medium Nessus Network Monitor Plugin ID 1463

Synopsis

The remote web server can disclose source code.

Description

Tomcat 4.0.4 and 4.1.10 (and possibly earlier versions) are vulnerable to JSP source code disclosure through the default servlet, org.apache.catalina.servlets.DefaultServlet.

Solution

Upgrade to version 4.0.5, 4.1.12 or higher.

See Also

http://tomcat.apache.org/security-4.html#Fixed_in_Apache_Tomcat_4.1.12,_4.0.5

Plugin Details

Severity: Medium

ID: 1463

Family: Web Servers

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 11176

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:apache:tomcat

Vulnerability Publication Date: 9/24/2002

Reference Information

CVE: CVE-2002-1148

BID: 5786