important: Information disclosure
CVE-2003-0043
When used with JDK 1.3.1 or earlier, web.xml files were read with
trusted privileges enabling files outside of the web application to be
read even when running under a security manager.
Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1
important: Information disclosure
CVE-2003-0042
URLs containing null characters could result in file contents being
returned or a directory listing being returned even when a welcome file
was defined.
Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1