CVE-2001-0590

Apache Tomcat Servlet <3.2.2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0590. PoCs published by lovehacker.

AI-analyzed exploit summary: This is a writeup describing a directory traversal vulnerability in Apache Tomcat on Windows NT. It provides examples of crafted URLs that can be used to access files outside the document root.

Description

Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).

Exploits (1)

exploitdb WRITEUP VERIFIED
by lovehacker · text · remote · windows
https://www.exploit-db.com/exploits/20716

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Apache Tomcat (Windows NT)
No auth needed
Prerequisites: Apache Tomcat running on Windows NT · Network access to the Tomcat server
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html
Various Sources vendor-advisory x_refsource_hp
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-004
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6971
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/5580

Scores

EPSS 0.4830
EPSS Percentile 97.8%

Details

Status published
Products (2)
apache/tomcat < 3.2.2
org.apache.tomcat/tomcat-servlet-api 0 - 3.2.2 · Maven
Published Aug 02, 2001
Tracked Since Feb 18, 2026