CVE-2001-0590

Apache Tomcat Servlet <3.2.2 - Info Disclosure

Title source: llm

Description

Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).

Exploits (1)

exploitdb WRITEUP VERIFIED

by lovehacker · textremotewindows

https://www.exploit-db.com/exploits/20716

View Code ZIP pw:eip

References (4)

[Exploit, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html

[Various Sources] http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-004

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/6971

[Third Party Advisory, VDB Entry] http://www.osvdb.org/5580

Scores

EPSS 0.4830

EPSS Percentile 97.7%

Details

Status published

Products (2)

apache/tomcat < 3.2.2

org.apache.tomcat/tomcat-servlet-api 0 - 3.2.2Maven

Published Aug 02, 2001

Tracked Since Feb 18, 2026