Vulnerability Name: CVE-2002-2007 (CCN-9208)
Assigned: 2002-05-29
Published: 2002-05-29
Updated: 2008-09-05
Summary: The default installations of Apache Tomcat 3.2.3 and 3.2.4 allow remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information
References:

- Source: BUGTRAQ Type: Exploit 20020529 Vulnerability in Apache Tomcat v3.23 & v3.24
- Source: BUGTRAQ Type: Exploit 20020529 Vulnerability in Apache Tomcat v3.23 & v3.24 (part 2)
- Source: MITRE Type: CNA CVE-2002-2007
- Source: CCN Type: The Jakarta Project Web site The Jakarta Site - Apache Tomcat
- Source: XF Type: UNKNOWN tomcat-sample-reveal-path(9208)
- Source: CCN Type: US-CERT VU#116963 Apache Tomcat default installation contains sample applications that disclose webroot path
- Source: CERT-VN Type: US Government Resource VU#116963
- Source: CCN Type: OSVDB ID: 13303 Apache Tomcat source.jsp Arbitrary Directory Listing
- Source: CCN Type: OSVDB ID: 13304 Apache Tomcat realPath.jsp Path Disclosure
- Source: CCN Type: OSVDB ID: 14580 Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
- Source: CCN Type: ProCheckUp Security Bulletin PR02-05 Tomcat source.jsp directory listing and webroot location display
- Source: MISC Type: UNKNOWN http://www.procheckup.com/security_info/vuln_pr0205.html
- Source: CCN Type: ProCheckUp Security Bulletin PR02-06 Tomcat realPath.jsp gives location of web root
- Source: MISC Type: UNKNOWN http://www.procheckup.com/security_info/vuln_pr0206.html
- Source: CCN Type: ProCheckUp Security Bulletin PR02-07 Tomcat multiple sample files display webroot location on default configuration on request
- Source: MISC Type: UNKNOWN http://www.procheckup.com/security_info/vuln_pr0207.html
- Source: BID Type: Exploit 4876
- Source: CCN Type: BID-4876 Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
- Source: BID Type: Exploit 4877
- Source: CCN Type: BID-4877 Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
- Source: BID Type: Exploit 4878
- Source: CCN Type: BID-4878 Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability