Description
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4296)
Serendipity Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-5476)
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.21)
WebLogic CVE-2023-21837 Vulnerability (CVE-2023-21837)
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-29213)