GHSA-jxcv-v856-j5vg, CVE-2002-1148
maven/org.apache.tomcat/tomcat
Apache Tomcat Source Code Disclosure
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
All versions starting from 4.0.0 up to 4.0.4, all versions starting from 4.1.0 up to 4.1.10
Upgrade to versions 4.0.5, 4.1.12 or above.
2024-02-13
source |