Lucene search

[email protected]CVE-2002-2007

HistoryDec 31, 2002 - 5:00 a.m.

CVE-2002-2007

2002-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

apache

tomcat

cve-2002-2007

security

vulnerability

remote attackers

system information

http

jsp

directory listings

web root path

error messages

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.031 Low

EPSS

Percentile

90.9%

JSON

The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.

CPENameOperatorVersion
apache:tomcatapache tomcateq3.2.4
apache:tomcatapache tomcateq3.2.3

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	3.2.4
apache:tomcat	apache tomcat	eq	3.2.3

References

cert.uni-stuttgart.de/archive/bugtraq/2002/05/msg00272.html

cert.uni-stuttgart.de/archive/bugtraq/2002/05/msg00275.html

www.iss.net/security_center/static/9208.php

www.kb.cert.org/vuls/id/116963

www.procheckup.com/security_info/vuln_pr0205.html

www.procheckup.com/security_info/vuln_pr0206.html

www.procheckup.com/security_info/vuln_pr0207.html

www.securityfocus.com/bid/4876

www.securityfocus.com/bid/4877

www.securityfocus.com/bid/4878

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.031 Low

EPSS

Percentile

90.9%

JSON

Related for CVE-2002-2007

nessus2 tomcat1 checkpoint_advisories1