CVE-2003-0042

N/A Unknown

Published: February 07, 2003 Modified: April 16, 2026

Description

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Source: cve@mitre.org

Vendor Advisory

http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt

Source: cve@mitre.org

Vendor Advisory

http://marc.info/?l=bugtraq&m=104394568616290&w=2

Source: cve@mitre.org

http://secunia.com/advisories/7972

Source: cve@mitre.org

http://secunia.com/advisories/7977

Source: cve@mitre.org

http://www.ciac.org/ciac/bulletins/n-060.shtml

Source: cve@mitre.org

http://www.debian.org/security/2003/dsa-246

Source: cve@mitre.org

Patch Vendor Advisory

http://www.securityfocus.com/advisories/5111

Source: cve@mitre.org

http://www.securityfocus.com/bid/6721

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/11194

Source: cve@mitre.org

http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/