Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-a2q2-x613-quav
Vulnerability ID VCID-a2q2-x613-quav
Aliases CVE-2001-0590
GHSA-x445-mmpw-7r4f
Summary Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
epss 0.21835 https://api.first.org/data/v1/epss?cve=CVE-2001-0590
epss 0.21835 https://api.first.org/data/v1/epss?cve=CVE-2001-0590
epss 0.21835 https://api.first.org/data/v1/epss?cve=CVE-2001-0590
epss 0.21835 https://api.first.org/data/v1/epss?cve=CVE-2001-0590
epss 0.21835 https://api.first.org/data/v1/epss?cve=CVE-2001-0590
epss 0.48298 https://api.first.org/data/v1/epss?cve=CVE-2001-0590
epss 0.48298 https://api.first.org/data/v1/epss?cve=CVE-2001-0590
epss 0.48298 https://api.first.org/data/v1/epss?cve=CVE-2001-0590
epss 0.48298 https://api.first.org/data/v1/epss?cve=CVE-2001-0590
apache_tomcat Moderate https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0590
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/6971
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-x445-mmpw-7r4f
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2001-0590
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2001-0590
generic_textual MODERATE https://web.archive.org/web/20020711002734/http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html
Reference id Reference type URL
http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html
https://api.first.org/data/v1/epss?cve=CVE-2001-0590
https://exchange.xforce.ibmcloud.com/vulnerabilities/6971
https://web.archive.org/web/20020711002734/http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-004
http://www.osvdb.org/5580
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
CVE-2001-0590 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0590
CVE-2001-0590 https://nvd.nist.gov/vuln/detail/CVE-2001-0590
CVE-2001-0590;OSVDB-5580 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/20716.txt
CVE-2001-0590;OSVDB-5580 Exploit https://www.securityfocus.com/bid/2518/info
GHSA-x445-mmpw-7r4f https://github.com/advisories/GHSA-x445-mmpw-7r4f
Data source Exploit-DB
Date added March 28, 2001
Description Apache Tomcat 3.0 - Directory Traversal
Ransomware campaign use Known
Source publication date March 28, 2001
Exploit type remote
Platform windows
Source update date Aug. 22, 2012
Source URL https://www.securityfocus.com/bid/2518/info
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2001-0590
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.95721
EPSS Score 0.21835
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:21.236956+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-3.html 38.0.0