CVE-2003-0042

Jakarta Tomcat <3.3.1a - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0042. PoCs published by Jouko PynnÃ¶nen.

AI-analyzed exploit summary This exploit demonstrates a directory traversal and file disclosure vulnerability in Apache Tomcat when used with JDK 1.3.1 or earlier. It leverages improper handling of null bytes and backslash characters to access restricted files and directories.

Description

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jouko PynnÃ¶nen · textremotelinux

https://www.exploit-db.com/exploits/22205

View Code ZIP pw:eip

This exploit demonstrates a directory traversal and file disclosure vulnerability in Apache Tomcat when used with JDK 1.3.1 or earlier. It leverages improper handling of null bytes and backslash characters to access restricted files and directories.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Apache Tomcat with JDK 1.3.1 or earlier

No auth needed

Prerequisites: Apache Tomcat with JDK 1.3.1 or earlier · Network access to the target server

MITRE ATT&CK