Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

The developers of tomcat discovered several problems in tomcat version 3.x. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CAN-2003-0042: A maliciously crafted request could     return a directory listing even when an index.html,     index.jsp, or other welcome file is present. File     contents can be returned as well.
  - CAN-2003-0043: A malicious web application could read     the contents of some files outside the web application     via its web.xml file in spite of the presence of a     security manager. The content of files that can be read     as part of an XML document would be accessible.

  - CAN-2003-0044: A cross-site scripting vulnerability was     discovered in the included sample web application that     allows remote attackers to execute arbitrary script     code.

Apache Tomcat (prior to 3.3.1a) is affected by a directory listing and file disclosure vulnerability.

By requesting URLs containing a null character, remote attackers can list directories even when an index.html or other file is present or obtain unprocessed source code for a JSP file.

Also note that, when deployed with JDK 1.3.1 or earlier, Tomcat allows files outside of the application directory to be accessed because 'web.xml' files are read with trusted privileges.

ID	Name	Product	Family	Severity
15083	Debian DSA-246-1 : tomcat - information exposure, XSS	Nessus	Debian Local Security Checks	medium
1466	Apache Tomcat < 3.3.1a Directory Listing and File Disclosure	Nessus Network Monitor	Web Servers	medium
11438	Apache Tomcat Directory Listing and File Disclosure	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2003-0042

high

Tenable Plugins

medium

medium

medium