Vulnerability Details CVE-2001-0590
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.173
EPSS Ranking 94.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html
- http://www.osvdb.org/5580
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-004
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6971
- http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html
- http://www.osvdb.org/5580
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-004
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6971
Products affected by CVE-2001-0590
-
cpe:2.3:a:apache:tomcat:-
-
cpe:2.3:a:apache:tomcat:1.1.3
-
cpe:2.3:a:apache:tomcat:3.0
-
cpe:2.3:a:apache:tomcat:3.1
-
cpe:2.3:a:apache:tomcat:3.1.1
-
cpe:2.3:a:apache:tomcat:3.2
-
cpe:2.3:a:apache:tomcat:3.2.1
-
cpe:2.3:a:apache:tomcat:3.2.2