Apache Tomcat Directory Listing and File disclosure

Apache Tomcat (prior to 3.3.1a) is prone to a directory listing and file disclosure vulnerability, it allows remote attackers to potentially list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file.
Upgrade to Tomcat 4.1.18 or newer version.