1. CVE-Search
  2. CVE-2002-2006
ID CVE-2002-2006
Summary The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 25-03-2019 - 11:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 4575
bugtraq 20020422 Tomcat real path disclosure (2)
confirm http://tomcat.apache.org/security-4.html
mlist
  • [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
secunia
  • 30899
  • 30908
sunalert 239312
vupen ADV-2008-1979
xf tomcat-example-class-information(8932)
Last major update 25-03-2019 - 11:29
Published 31-12-2002 - 05:00
Last modified 25-03-2019 - 11:29
Back to Top