Vulnerability Details CVE-2003-0043
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.032
EPSS Ranking 87.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
- http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
- http://www.ciac.org/ciac/bulletins/n-060.shtml
- http://www.debian.org/security/2003/dsa-246
- http://www.securityfocus.com/advisories/5111
- http://www.securityfocus.com/bid/6722
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11195
- http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
- http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
- http://www.ciac.org/ciac/bulletins/n-060.shtml
- http://www.debian.org/security/2003/dsa-246
- http://www.securityfocus.com/advisories/5111
- http://www.securityfocus.com/bid/6722
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11195
Products affected by CVE-2003-0043
-
cpe:2.3:a:apache:tomcat:3.0
-
cpe:2.3:a:apache:tomcat:3.1
-
cpe:2.3:a:apache:tomcat:3.1.1
-
cpe:2.3:a:apache:tomcat:3.2
-
cpe:2.3:a:apache:tomcat:3.2.1
-
cpe:2.3:a:apache:tomcat:3.2.3
-
cpe:2.3:a:apache:tomcat:3.2.4
-
cpe:2.3:a:apache:tomcat:3.3
-
cpe:2.3:a:apache:tomcat:3.3.1