CVE-2003-0043 – org.apache.tomcat:tomcat

Package

Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: >=0 <3.3.1a

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:N

EPSS: 0.02261 pctl0.83996

Details

Tomcat uses trusted privileges when processing web.xml file Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.

Metadata

Created: 2022-04-29T01:25:44Z
Modified: 2025-04-03T15:12:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-cvx5-7vc7-rg77/GHSA-cvx5-7vc7-rg77.json
CWE IDs: ["CWE-250"]
Alternative ID: GHSA-cvx5-7vc7-rg77
Finding: F159
Auto approve: 1