CVE-2003-0042

Name of the Vulnerable Software and Affected Versions Jakarta Tomcat versions prior to 3.3.1a

Description The issue allows remote attackers to list directories even when an index.html or other file is present, or obtain unprocessed source code for a JSP file. This can be achieved via a URL containing a null character. URLs with null characters could result in file contents being returned or a directory listing being returned even when a welcome file was defined.

Recommendations For Jakarta Tomcat versions prior to 3.3.1a, update to version 3.3.1a or later to resolve the issue. As a temporary workaround, consider restricting access to URLs containing null characters to minimize the risk of exploitation.