Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2002-2007
Last Modified 05 Sep 2008 04:32:05
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-2007

Summary

The default installations of Apache Tomcat 3.2.3 and 3.2.4 allow remote attackers to obtain sensitive system information, such as directory listings and the web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.

Vulnerable Systems

Application

  • Apache Tomcat 3.2.3

  • Apache Tomcat 3.2.4


References

CERT-VN - VU#116963

BID - 4878

BID - 4877

BID - 4876

MISC - http://www.procheckup.com/security_info/vuln_pr0207.html

MISC - http://www.procheckup.com/security_info/vuln_pr0206.html

MISC - http://www.procheckup.com/security_info/vuln_pr0205.html

XF - tomcat-sample-reveal-path(9208)

BUGTRAQ - 20020529 Vulnerability in Apache Tomcat v3.23 & v3.24 (part 2)

BUGTRAQ - 20020529 Vulnerability in Apache Tomcat v3.23 & v3.24


Last Updated: 27 May 2016 10:37:34