| Vulnerability Name: | CVE-2001-0917 (CCN-7599) | ||||||||
| Assigned: | 2001-11-22 | ||||||||
| Published: | 2001-11-22 | ||||||||
| Updated: | 2019-03-25 | ||||||||
| Summary: | Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Thu Nov 22 2001 - 03:32:20 CST Hi Source: CCN Type: BugTraq Mailing List, Fri Apr 19 2002 - 13:52:12 CDT Re: Tomcat 4.1 real path disclosure Source: CCN Type: CHINANSL Security Advisory(CSA-200201) Tomcat 4.1 real path disclosure Source: MITRE Type: CNA CVE-2001-0917 Source: CCN Type: The Jakarta Project Web site The Jakarta Site - Apache Tomcat Source: BUGTRAQ Type: UNKNOWN 20011122 Hi Source: CONFIRM Type: UNKNOWN http://marc.info/?l=tomcat-dev&m=100658457507305&w=2 Source: CCN Type: tomcat-dev Mailing List, 2001-11-24 6:57:30 Re: Hi Source: CCN Type: OSVDB ID: 5526 Apache Tomcat Long .JSP URI Path Disclosure Source: CCN Type: BID-4557 Apache Tomcat System Path Information Disclosure Vulnerability Source: XF Type: UNKNOWN tomcat-reveal-install-path(7599) Source: XF Type: UNKNOWN tomcat-reveal-install-path(7599) Source: MLIST Type: UNKNOWN [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ Source: MLIST Type: UNKNOWN [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ Source: MLIST Type: UNKNOWN [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/ | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||