ID CVE-2000-0672
Summary The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 3.1
    cpe:2.3:a:apache:http_server:3.1
  • Apache Software Foundation Tomcat 3.0
    cpe:2.3:a:apache:tomcat:3.0
  • Apache Software Foundation Tomcat 3.1
    cpe:2.3:a:apache:tomcat:3.1
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
nessus via4
NASL family Web Servers
NASL id TOMCAT_ADMIN.NASL
description The page /admin/contextAdmin/contextAdmin.html can be accessed. An attacker can exploit this to read arbitrary files.
last seen 2018-01-24
modified 2018-01-24
plugin id 10477
published 2000-07-22
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=10477
title Apache Tomcat contextAdmin Arbitrary File Access
refmap via4
bid 1548
bugtraq 20000721 Jakarta-tomcat.../admin
xf jakarta-tomcat-admin(5160)
Last major update 10-09-2008 - 15:05
Published 20-07-2000 - 00:00
Last modified 09-10-2017 - 21:29