CVE-2001-0917

Name of the Vulnerable Software and Affected Versions Jakarta Tomcat version 4.0.1

Description The issue allows remote attackers to reveal physical path information. This can be achieved by requesting a long URL with a .JSP extension or by making specific requests for JSP files, such as those where the file name is preceded by '+/','>/','</' or '%20/'.

Recommendations For Jakarta Tomcat version 4.0.1, consider restricting access to JSP files to minimize the risk of path disclosure until a patch is available. Avoid using long file names for JSP files and be cautious with requests that include special characters such as '+/','>/','</' or '%20/' in the file name.