Apache Tomcat Source Code Disclosure
Moderate severity
GitHub Reviewed
Published
Apr 30, 2022
to the GitHub Advisory Database
•
Updated Feb 12, 2024
Package
Affected versions
>= 4.0.0, <= 4.0.4
>= 4.1.0, <= 4.1.10
Patched versions
4.0.5
4.1.12
Description
Published by the National Vulnerability Database
Oct 11, 2002
Published to the GitHub Advisory Database
Apr 30, 2022
Reviewed
Feb 12, 2024
Last updated
Feb 12, 2024
The default servlet (
org.apache.catalina.servlets.DefaultServlet
) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.References