ID CVE-2002-2008
Summary Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 4.0.3
    cpe:2.3:a:apache:tomcat:4.0.3
CVSS
Base: 5.0 (as of 11-08-2005 - 08:46)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
NASL family Web Servers
NASL id 404_PATH_DISCLOSURE.NASL
description The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.
last seen 2019-02-21
modified 2018-06-27
plugin id 11714
published 2003-06-11
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11714
title Nonexistent Page (404) Physical Path Disclosure
refmap via4
bid 5054
bugtraq 20020619 KPMG-2002024: Apache Tomcat Path Disclosure
confirm http://tomcat.apache.org/security-4.html
xf tomcat-lpt9-path-disclosure(9394)
Last major update 05-09-2008 - 16:32
Published 31-12-2002 - 00:00
Back to Top