Summary
The source.jsp file, distributed with the Apache Tomcat server, discloses information when passed a malformed request. As a result, information such as the web root path and directory listings could be obtained.
Example:
- http://target/examples/jsp/source.jsp?? - reveals the web root
- http://target/examples/jsp/source.jsp?/jsp/ - reveals the contents of the jsp directory
Solution
Remove default files from the web server.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2000-1210
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)