ID CVE-2001-0917
Summary Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 4.0.1
    cpe:2.3:a:apache:tomcat:4.0.1
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
NASL family Web Servers
NASL id TOMCAT_LONG_URL_PATH_DISCLOSE.NASL
description The remote Apache Tomcat web server is affected by an information disclosure vulnerability. The full install path of Apache Tomcat can be obtained by sending an HTTP request which contains a long URL. Note that there reportedly is an additional install path disclosure vulnerability in this version of Apache Tomcat; however, Nessus has not explicitly tested for it.
last seen 2019-02-21
modified 2018-11-15
plugin id 49701
published 2010-10-01
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=49701
title Apache Tomcat Long URL Information Disclosure
refmap via4
bugtraq 20011122 Hi
confirm http://marc.info/?l=tomcat-dev&m=100658457507305&w=2
mlist
  • [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
xf tomcat-reveal-install-path(7599)
Last major update 17-10-2016 - 22:13
Published 22-11-2001 - 00:00
Last modified 25-03-2019 - 07:29
Back to Top