/<00>.jsp(where <00> is a null byte) would retrieve the directory listing of the / (web root) directory. Normally, an index page such as index.html would be shown instead of revealing the directory listing, but in this case the server is tricked into treating the URL as a JSP file, thus bypassing the usual behavior and revealing the directory.
Variations of this attack could result in remote read access to files which are normally inaccessible, and JSP source code disclosure. Tomcat 3.3.1 and earlier are affected by this vulnerability.
3/20/03
CAN 2003-0043
CAN 2003-0044
Tomcat 3.3.1 and earlier are also affected by two other
vulnerabilities, one which could allow an attacker to
read certain files outside of a web application via the
web.xml file, and another which could allow
cross-site scripting in a sample web application.
Note: This tutorial only includes vulnerabilities specifically inherent to the Apache Tomcat engine. Other vulnerabilities which may affect Tomcat are described in other tutorials such as http cgi info and Cross site scripting.