Signature Detail

HTTP: Tomcat .jsp Source Disclosure

This signature detects attempts to exploit a known vulnerability in DefaultServlet, included with Apache Tomcat. Apache Tomcat Server 4.1.10, 4.0.4, and earlier versions are vulnerable. Attackers can view the source of .jsp scripts to obtain critical information such as usernames and passwords.

Extended Description

The servlet 'org.apache.catalina.servlets.DefaultServlet' is included with Apache Tomcat by default. It is possible to use this servlet to view contents of files within the webroot. This includes JSP source code, which may contain sensitive data such as database usernames and passwords.

Affected Products

• Apache_software_foundation tomcat 3.0.0
• Apache_software_foundation tomcat 3.1.0
• Apache_software_foundation tomcat 3.1.1
• Apache_software_foundation tomcat 3.2.0
• Apache_software_foundation tomcat 3.2.1
• Apache_software_foundation tomcat 3.2.2 beta2
• Apache_software_foundation tomcat 3.2.3
• Apache_software_foundation tomcat 3.2.4
• Apache_software_foundation tomcat 3.3.0
• Apache_software_foundation tomcat 3.3.1
• Apache_software_foundation tomcat 4.0.0
• Apache_software_foundation tomcat 4.0.1
• Apache_software_foundation tomcat 4.0.2
• Apache_software_foundation tomcat 4.0.3
• Apache_software_foundation tomcat 4.0.4
• Apache_software_foundation tomcat 4.1.0
• Apache_software_foundation tomcat 4.1.10
• Apache_software_foundation tomcat 4.1.3 Beta
• Apache_software_foundation tomcat 4.1.9 Beta
• Hp virtualvault 11.0.4
• Sun solaris 10 Sparc
• Sun solaris 10 X86
• Sun solaris 9 Sparc
• Sun solaris 9 X86

References

• BugTraq: 5786
• CVE: CVE-2002-1148