Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2000-0672
Last Modified: 10 Sep 2008 03:05:34
Published: 20 Jul 2000 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2000-0672

Summary

The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.

Vulnerable Systems

Application

  • Apache Http Server 3.1

  • Apache Tomcat 3.0

  • Apache Tomcat 3.1


References

BUGTRAQ - 20000721 Jakarta-tomcat.../admin

XF - jakarta-tomcat-admin

BID - 1548


Last Updated: 27 May 2016 10:35:49