Intrusion Prevention

Apache.Tomcat.Null.Byte.Directory.File.Disclosure

Description

This indicates a possible attempt to obtain information from a system using a vulnerability in Apache Tomcat Web Server.
There is an information disclosure vulnerability in Apache Jakarta Tomcat before 3.3.1a (when using JDK 1.3.1 or earlier). It can be exploited by sending a URL containing a NULL character to the server. As a result a remote attacker can list directories or obtain source code for a JSP file.

Affected Products

Apache Software Foundation Tomcat 3.0 - 3.3.1 (except V 3.3.1 a)

Impact

Information Disclosure.

Recommended Actions

Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version if available.

CVE References

CVE-2003-0042