Description
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.
References (7)
Core 7
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2003/dsa-246
Vendor Advisory x_refsource_confirm
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_hp
http://www.securityfocus.com/advisories/5111
Third Party Advisory, US Government Resource third-party-advisory
government-resource
x_refsource_ciac
http://www.ciac.org/ciac/bulletins/n-060.shtml
Vendor Advisory x_refsource_confirm
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6722
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11195
Scores
EPSS
0.0405
EPSS Percentile
89.5%
Details
Status
published
Products (10)
apache/tomcat
3.0
apache/tomcat
3.1
apache/tomcat
3.1.1
apache/tomcat
3.2
apache/tomcat
3.2.1
apache/tomcat
3.2.3
apache/tomcat
3.2.4
apache/tomcat
3.3
apache/tomcat
3.3.1
org.apache.tomcat/tomcat
0 - 3.3.1aMaven
Published
Feb 07, 2003
Tracked Since
Feb 18, 2026