Vulnerability Name:
CVE-2002-2006 (CCN-8932)
Assigned:
2002-04-22
Published:
2002-04-22
Updated:
2019-03-25
Summary:
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
None
Availibility (A):
None
CVSS v2 Severity:
5.0 Medium
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availibility (A):
None
5.0 Medium
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availibility (A):
None
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Obtain Information
References:
Source: BUGTRAQ
Type: Exploit
20020422 Tomcat real path disclosure (2)
Source: CCN
Type: BugTraq Mailing List, Mon Apr 22 2002 - 02:06:50 CDT
Tomcat real path disclosure (2)
Source: MITRE
Type: CNA
CVE-2002-2006
Source: CCN
Type: The Jakarta Project Web site
The Jakarta Site - Apache Tomcat
Source: CCN
Type: SA30899
Sun Solaris 9 Tomcat Multiple Vulnerabilities
Source: SECUNIA
Type: UNKNOWN
30899
Source: CCN
Type: SA30908
Sun Solaris 10 Tomcat Multiple Vulnerabilities
Source: SECUNIA
Type: UNKNOWN
30908
Source: SUNALERT
Type: UNKNOWN
239312
Source: CCN
Type: Sun Alert ID: 239312
Security Vulnerabilities in Tomcat 4.0 Shipped with Solaris 9 and 10
Source: CCN
Type: ASA-2008-293
Security Vulnerabilities in Tomcat 4.0 Shipped with Solaris 9 and 10 (Sun 239312)
Source: CONFIRM
Type: UNKNOWN
http://tomcat.apache.org/security-4.html
Source: XF
Type: UNKNOWN
tomcat-example-class-information(8932)
Source: CCN
Type: OSVDB ID: 849
Apache Tomcat TroubleShooter Servlet Information Disclosure
Source: CCN
Type: OSVDB ID: 9695
Apache Tomcat SnoopServlet Servlet Information Disclosure
Source: BID
Type: Exploit
4575
Source: CCN
Type: BID-4575
Apache Tomcat Servlet Path Disclosure Vulnerability
Source: VUPEN
Type: UNKNOWN
ADV-2008-1979
Source: XF
Type: UNKNOWN
tomcat-example-class-information(8932)
Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
Vulnerable Configuration:
Configuration 1
:
cpe:/a:apache:tomcat:3.0:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:3.1:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:3.1.1:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:3.2:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:3.2.1:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:3.2.3:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:3.2.4:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:3.3:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:3.3.1:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:4.0.0:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:4.0.1:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:4.0.2:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:4.0.3:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:4.1.0:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:apache:tomcat:3.1:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:3.0:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:3.2.1:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:4.0.1:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:3.2.3:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:3.2.4:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:4.0.3:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:3.3:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:4.1.0:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:3.1.1:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:3.2:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:3.3.1:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:4.0.0:*:*:*:*:*:*:*
OR
cpe:/a:apache:tomcat:4.0.2:*:*:*:*:*:*:*
AND
cpe:/o:sun:solaris:9:*:x86:*:*:*:*:*
OR
cpe:/o:sun:solaris:10:*:sparc:*:*:*:*:*
OR
cpe:/o:sun:solaris:10:*:x86:*:*:*:*:*
OR
cpe:/o:sun:solaris:9:*:sparc:*:*:*:*:*
Denotes that component is vulnerable
BACK
apache
tomcat 3.0
apache
tomcat 3.1
apache
tomcat 3.1.1
apache
tomcat 3.2
apache
tomcat 3.2.1
apache
tomcat 3.2.3
apache
tomcat 3.2.4
apache
tomcat 3.3
apache
tomcat 3.3.1
apache
tomcat 4.0.0
apache
tomcat 4.0.1
apache
tomcat 4.0.2
apache
tomcat 4.0.3
apache
tomcat 4.1.0
apache
tomcat 3.1
apache
tomcat 3.0
apache
tomcat 3.2.1
apache
tomcat 4.0.1
apache
tomcat 3.2.3
apache
tomcat 3.2.4
apache
tomcat 4.0.3
apache
tomcat 3.3
apache
tomcat 4.1.0
apache
tomcat 3.1.1
apache
tomcat 3.2
apache
tomcat 3.3.1
apache
tomcat 4.0.0
apache
tomcat 4.0.2
sun
solaris 9
sun
solaris 10
sun
solaris 10
sun
solaris 9
Denotes that component is vulnerable