CVE-2003-0042

{"id": "CVE-2003-0042", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-02-07T05:00:00.000", "references": [{"url": "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=104394568616290&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/7972", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/7977", "source": "cve@mitre.org"}, {"url": "http://www.ciac.org/ciac/bulletins/n-060.shtml", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2003/dsa-246", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/advisories/5111", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/6721", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11194", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character."}, {"lang": "es", "value": "Jakarta Tomcat antes de 3.3.1a, cuando se usa con JDK 1.3.1 o anterior, permite a atacantes remotos listar directorios incluso cuando un index.html u otro fichero presente mediante una URL conteniendo un car\u00e1cter nulo."}], "lastModified": "2017-07-11T01:29:27.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAFF8D91-80A2-454A-8B44-A5A889002692"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEC42876-65AD-476A-8B62-25D4E15D1BB6"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "724A8FF9-8089-4302-8200-08987A712988"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F97DDB7-E32B-422F-8AEA-07C75DEAD36E"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7079F63C-7CA8-4909-A9C8-45C4C1C1C186"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC829C8E-1061-4F62-BA4B-FE5C7F11F209"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "143BA75E-A186-47EF-A18C-B1A1A1F61C00"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0CDF9E1-9412-450E-B1D4-438F128FFF9E"}, {"criteria": "cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32561F50-6385-4D71-AFAC-3D2F8DB55A4B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}