Apache Tomcat < 4.x JSP Source Code Disclosure

Nessus Network Monitor Plugin ID 1463 (Severity: Low)

Synopsis

The remote web server can disclose source code.

Description

Tomcat 4.0.4 and 4.1.10 (and possibly earlier versions) are vulnerable to source code disclosure through the default servlet, org.apache.catalina.servlets.DefaultServlet.

Solution

Upgrade to version 4.0.5, 4.1.12 or higher.

Plugin Details

Severity: Low

ID: 1463

File Name: 1463.prm

Family: Web Servers

Published: 2004/08/20

Modified: 2016/01/30

Dependencies: 3057

Nessus ID: 11176

Risk Information

Risk Factor: Low

CVSSv2

Base Score: 3.6

Temporal Score: 3.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSSv3

Base Score: 5.1

Temporal Score: 4.9

Vector: CVSS3#AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS3#E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:tomcat

Reference Information

CVE: CVE-2002-1148

BID: 5786