Back to search
CVE-2002-2007
Published: Jul 14, 2005
Modified: Sep 17, 2024
PUBLISHED
Description
The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
VU#116963
third-party-advisory
x_refsource_CERT-VN
4876
vdb-entry
x_refsource_BID
http://www.procheckup.com/security_info/vuln_pr0206.html
x_refsource_MISC
http://www.procheckup.com/security_info/vuln_pr0205.html
x_refsource_MISC
tomcat-sample-reveal-path(9208)
vdb-entry
x_refsource_XF
20020529 Vulnerability in Apache Tomcat v3.23 & v3.24 (part 2)
mailing-list
x_refsource_BUGTRAQ
20020529 Vulnerability in Apache Tomcat v3.23 & v3.24
mailing-list
x_refsource_BUGTRAQ
http://www.procheckup.com/security_info/vuln_pr0207.html
x_refsource_MISC
4877
vdb-entry
x_refsource_BID
4878
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now