Description
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
Remediation
References