CVE-2003-0043

Jakarta Tomcat <3.3.1a - Info Disclosure

Title source: llm
STIX 2.1

Description

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.

References (7)

Core 7
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-246
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/advisories/5111
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/n-060.shtml
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6722
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11195

Scores

EPSS 0.0405
EPSS Percentile 89.5%

Details

Status published
Products (10)
apache/tomcat 3.0
apache/tomcat 3.1
apache/tomcat 3.1.1
apache/tomcat 3.2
apache/tomcat 3.2.1
apache/tomcat 3.2.3
apache/tomcat 3.2.4
apache/tomcat 3.3
apache/tomcat 3.3.1
org.apache.tomcat/tomcat 0 - 3.3.1aMaven
Published Feb 07, 2003
Tracked Since Feb 18, 2026