ID CVE-2002-2006
Summary The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 3.0
    cpe:2.3:a:apache:tomcat:3.0
  • Apache Software Foundation Tomcat 3.1
    cpe:2.3:a:apache:tomcat:3.1
  • Apache Software Foundation Tomcat 3.1.1
    cpe:2.3:a:apache:tomcat:3.1.1
  • Apache Software Foundation Tomcat 3.2
    cpe:2.3:a:apache:tomcat:3.2
  • Apache Software Foundation Tomcat 3.2.1
    cpe:2.3:a:apache:tomcat:3.2.1
  • Apache Software Foundation Tomcat 3.2.3
    cpe:2.3:a:apache:tomcat:3.2.3
  • Apache Software Foundation Tomcat 3.2.4
    cpe:2.3:a:apache:tomcat:3.2.4
  • Apache Software Foundation Tomcat 3.3
    cpe:2.3:a:apache:tomcat:3.3
  • Apache Software Foundation Tomcat 3.3.1
    cpe:2.3:a:apache:tomcat:3.3.1
  • Apache Software Foundation Tomcat 4.0.0
    cpe:2.3:a:apache:tomcat:4.0.0
  • Apache Software Foundation Tomcat 4.0.1
    cpe:2.3:a:apache:tomcat:4.0.1
  • Apache Software Foundation Tomcat 4.0.2
    cpe:2.3:a:apache:tomcat:4.0.2
  • Apache Software Foundation Tomcat 4.0.3
    cpe:2.3:a:apache:tomcat:4.0.3
  • Apache Software Foundation Tomcat 4.1.0
    cpe:2.3:a:apache:tomcat:4.1.0
CVSS
Base: 5.0 (as of 11-08-2005 - 08:39)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
exploit-db via4
description Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability. CVE-2002-2006. Remote exploit for unix platform
id EDB-ID:21412
last seen 2016-02-02
modified 2002-04-23
published 2002-04-23
reporter CHINANSL Security Team
source https://www.exploit-db.com/download/21412/
title Apache Tomcat 4.0/4.1 - Servlet Path Disclosure Vulnerability
nessus via4
  • NASL family Web Servers
    NASL id TOMCAT_4_1_0.NASL
    description According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.0. It is, therefore, affected by multiple vulnerabilities:
      - An error exists in the handling of malformed packets that can cause the processing thread to become unresponsive. A sequence of such requests can cause all threads to become unresponsive. (CVE-2003-0866)
      - Two example servlets, 'snoop' and a troubleshooting servlet, disclose the Apache Tomcat installation path. (CVE-2002-2006)
      - It has also been reported that this version of Tomcat is affected by a cross-site scripting vulnerability. The contents of a request URL are not sanitized before being returned to the browser should an error occur.
      Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 50475
    published 2010-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50475
    title Apache Tomcat 4.x < 4.1.0 Multiple Vulnerabilities
  • NASL family CGI abuses
    NASL id APACHE_TOMCAT_TROUBLESHOOTER.NASL
    description The default installation of Apache Tomcat includes various sample JSP pages and servlets. One of these, the 'TroubleShooter' servlet, discloses Tomcat's installation directory when accessed directly.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 11046
    published 2002-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11046
    title Apache Tomcat TroubleShooter Servlet Information Disclosure
refmap via4
bid 4575
bugtraq 20020422 Tomcat real path disclosure (2)
confirm http://tomcat.apache.org/security-4.html
mlist
  • [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
secunia
  • 30899
  • 30908
sunalert 239312
vupen ADV-2008-1979
xf tomcat-example-class-information(8932)
Last major update 07-03-2011 - 21:11
Published 31-12-2002 - 00:00
Last modified 25-03-2019 - 07:29