| Field | Value |
|---|---|
| VID | 22159 |
| Severity | 30 |
| Port | 8080 |
| Protocol | TCP |
| Class | Servlet |
| Detailed Description | The Apache Tomcat server has a JSP source-revealing vulnerability triggered by a malformed GET request. Jakarta Tomcat is a Java application server used with Apache HTTP servers to support JavaServer Pages (JSP) and Java servlets. Jakarta Tomcat versions 3.2.1 and earlier could allow a remote attacker to view the source code of JavaServer Pages (JSP). A remote attacker can send a malformed GET request that does not end with an HTTP protocol specification (HTTP/1.0 or HTTP/1.1) to receive the source code of the requested JSP file, and possibly obtain database passwords and file names. |
| Platforms Affected | Tomcat 3.2.1 and earlier |
| References | http://www.iss.net/security_center/static/6971.php, http://www.kb.cert.org/vuls/id/208131 |
| Recommendation | Upgrade to the latest version of Jakarta Tomcat (3.2.2 or later), available from the Jakarta Web site, http://jakarta.apache.org/site/binindex.html |
| Related URL | CVE-2001-0590 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |