Jakarta Tomcat 3.x/4.0 Error Message Information Disclosure Vulnerability

2001-08-16T00:00:00
ID EDB-ID:21073
Type exploitdb
Reporter LoWNOISE
Modified 2001-08-16T00:00:00

Description

Jakarta Tomcat 3.x/4.0 Error Message Information Disclosure Vulnerability. Local exploit for unix platform

                                        
                                            source: http://www.securityfocus.com/bid/3199/info

When a malformed request is made for a Java Server Page the server displays an error page. The error page contains potentially sensitive information, along with the absolute path of the JSP file on the webserver, which may aid in further attacks.

Jakarta Tomcat can be configured to display an alternate error file. By default it is not. 

http://webserver.com/\java.jsp