The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
CVSS Score
5.0
EPSS Score
0.367
Published
2002-10-11
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
CVSS Score
7.5
EPSS Score
0.015
Published
2002-08-12
Page 4