CVE-2003-0043 — Tomcat uses trusted privileges when processing web.xml file

Description

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.

How to fix CVE-2003-0043

To remediate CVE-2003-0043, upgrade the affected package to a fixed version below.

Maven/org.apache.tomcat:tomcat—upgrade to 3.3.1a or later

Is CVE-2003-0043 being exploited?

Low — EPSS is 3.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 3.3.1a

References (9)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2003-0043
PATCHgithub.com/apache/tomcat
WEBexchange.xforce.ibmcloud.com/vulnerabilities/11195
WEBweb.archive.org/web/20030804165204/http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt