GEN:SID | 1:2061 |
Message | WEB-MISC Tomcat null byte directory listing attempt |
Summary | Jakarta Tomcat webserver.
|
Impact | Information disclosure
|
Detailed Information | A vulnerability exists in Jakarta Tomcat webservers prior to version 3.3.1a such that a request containing a null byte will result in a directory listing or present the opportunity to view the source of a java servlet on the server.
This occurs wether or not an index file is present in the directory.
|
Affected Systems | Jakarta Tomcat web application server prior to version 3.3.1a
|
Attack Scenarios | The attacker needs to supply a null byte in a URI request to the server.
|
Ease of Attack | Simple
|
Corrective Action | Upgrade the server to the latest non-affected version.
|
Additional References | CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0042
Apache Jakarta Tomcat: http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
|
Rule References | bugtraq: 2518
bugtraq: 6721
cve: 2003-0042
|