PT-2002-2144 · Apache · Apache Tomcat

Publicado

2002-10-11

Atualizado

2022-04-30

CVE-2002-1148

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.0.4 and 4.1.10 and earlier

Description: The issue allows remote attackers to read source code for server files via a direct request to the org.apache.catalina.servlets.DefaultServlet servlet. A specially crafted URL using the default servlet can enable an attacker to obtain the source of JSP pages.

Recommendations: For Apache Tomcat versions 4.0.4 and 4.1.10 and earlier, consider disabling the org.apache.catalina.servlets.DefaultServlet servlet until a patch is available to prevent remote attackers from reading source code for server files. Restrict access to the default servlet to minimize the risk of exploitation.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2002-1148

DSA-170

GHSA-JXCV-V856-J5VG

Produtos afetados

Apache Tomcat

PT-2002-2144 · Apache · Apache Tomcat

CVE-2002-1148

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 24