Description
Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
References (2)
Core 2
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/4205.php
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=95371672300045&w=2
Scores
EPSS
0.0345
EPSS Percentile
87.7%
Details
Status
published
Products (2)
apache/tomcat
< 3.1
org.apache.tomcat/tomcat
0Maven
Published
Mar 22, 2002
Tracked Since
Feb 18, 2026