CVE-2002-2006

Severity

50%

Complexity

99%

Confidentiality

48%

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type

Apache Software Foundation Tomcat

First reported 22 years ago

2002-12-31 05:00:00

Last updated 5 years ago

2019-03-25 11:29:00

Affected Software

Apache Software Foundation Tomcat 3.0

3.0

Apache Software Foundation Tomcat 3.1

3.1

Apache Software Foundation Tomcat 3.1.1

3.1.1

Apache Software Foundation Tomcat 3.2

3.2

Apache Software Foundation Tomcat 3.2.1

3.2.1

Apache Software Foundation Tomcat 3.2.3

3.2.3

Apache Software Foundation Tomcat 3.2.4

3.2.4

Apache Software Foundation Tomcat 3.3

3.3

Apache Software Foundation Tomcat 3.3.1

3.3.1

Apache Software Foundation Tomcat 4.0.0

4.0.0

Apache Software Foundation Tomcat 4.0.1

4.0.1

Apache Software Foundation Tomcat 4.0.2

4.0.2

Apache Software Foundation Tomcat 4.0.3

4.0.3

Apache Software Foundation Tomcat 4.1.0

4.1.0

References

20020422 Tomcat real path disclosure (2)

Exploit

30899

30908

239312

http://tomcat.apache.org/security-4.html

tomcat-example-class-information(8932)

4575