| Vulnerability Name: | CVE-2003-0043 (CCN-11195) | ||||||||
| Assigned: | 2003-01-25 | ||||||||
| Published: | 2003-01-25 | ||||||||
| Updated: | 2017-10-10 | ||||||||
| Summary: | Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2003-0043 Source: CCN Type: Apache Jakarta Project Web site Index of /builds/jakarta-tomcat/release/v3.3.1a Source: CONFIRM Type: Vendor Advisory http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/ Source: CONFIRM Type: Vendor Advisory http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt Source: CCN Type: CIAC Information Bulletin N-060 Vulnerabilities in Tomcat 3.3.1 Source: CIAC Type: UNKNOWN N-060 Source: DEBIAN Type: UNKNOWN DSA-246 Source: DEBIAN Type: DSA-246 tomcat -- information exposure Source: CCN Type: OSVDB ID: 12231 Apache Tomcat web.xml Arbitrary File Access Source: CCN Type: Hewlett-Packard Company Security Bulletin HPSBUX0303-249 SSRT3522 Sec. Vulnerabilities in Tomcat 3.3.1 Source: HP Type: UNKNOWN HPSBUX0303-249 Source: BID Type: UNKNOWN 6722 Source: CCN Type: BID-6722 Apache Tomcat Web.XML File Contents Disclosure Vulnerability Source: XF Type: UNKNOWN tomcat-webxml-read-files(11195) Source: XF Type: UNKNOWN tomcat-webxml-read-files(11195) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||