Apache Tomcat Source.jsp Malformed Request Information Disclosure Network Vulnerability

Summary

The source.jsp file, distributed with Apache Tomcat server, will disclose information when passed a malformed request. As a result, information such as the web root path and directory listings could be obtained. Example: http://target/examples/jsp/source.jsp?? - reveals the web root http://target/examples/jsp/source.jsp?/jsp/ - reveals the contents of the jsp directory

Solution

Remove default files from the web server

References

http://www.securityfocus.com/bid/4876

Updated on 2015-03-25

Severity

Classification

CVE CVE-2000-1210
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
Apache ActiveMQ Source Code Information Disclosure Vulnerability
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
Apache Solr Directory Traversal Vulnerability Jan-14
Ampache Reflected Cross Site Scripting Vulnerability

Apache Tomcat source.jsp malformed request information disclosure

Take action and discover your vulnerabilities