Apache Tomcat Null Byte Directory/File Disclosure Vulnerability

Apache Tomcat Null Byte Directory/File Disclosure Vulnerability

Solution:
HP has released an advisory (HPSBUX0303-249) that contains fixes to address this issue.

This issue has been addressed in Apache Tomcat 3.3.1a.

Fixes are available:

Apache Software Foundation Tomcat 3.0

Apache Software Foundation Jakarta Tomcat 3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Apache Software Foundation Tomcat 3.1

Apache Software Foundation Jakarta Tomcat 3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Apache Software Foundation Tomcat 3.1.1

Apache Software Foundation Jakarta Tomcat 3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Apache Software Foundation Tomcat 3.2

Apache Software Foundation Jakarta Tomcat 3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Apache Software Foundation Tomcat 3.2.1

Apache Software Foundation Jakarta Tomcat 3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Apache Software Foundation Tomcat 3.2.3

Apache Software Foundation Jakarta Tomcat 3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Apache Software Foundation Tomcat 3.2.4

Apache Software Foundation Jakarta Tomcat 3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Apache Software Foundation Tomcat 3.3

Apache Software Foundation Jakarta Tomcat 3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

Debian libapache-mod-jk_3.3a-4woody1_i386.deb
http://security.debian.org/pool/updates/contrib/t/tomcat/libapache-mod -jk_3.3a-4woody1_i386.deb

Debian tomcat_3.3a-4woody1_all.deb
http://security.debian.org/pool/updates/contrib/t/tomcat/tomcat_3.3a-4 woody1_all.deb

Apache Software Foundation Tomcat 3.3.1

Apache Software Foundation Jakarta Tomcat 3.3.1a
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/