6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.159 Low
EPSS
Percentile
95.9%
Low: Information disclosure CVE-2000-0759
Requesting a JSP that does not exist results in an error page that includes the full file system page of the current context.
Affects: 3.1
Important: Information disclosure CVE-2000-0672
Access to the admin context is not protected. This context allows an attacker to mount an arbitary file system path as a context. Any files accessible from this file sytem path to the account under which Tomcat is running are then visible to the attacker.
Affects: 3.1
CPE | Name | Operator | Version |
---|---|---|---|
apache tomcat | eq | 3.1 |