5
CVSSv2

CVE-2002-2006

Published: 31/12/2002 Updated: 25/03/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The default installation of Apache Tomcat 4.0 up to and including 4.1 and 3.0 up to and including 3.3.1 allows remote malicious users to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.

Affected Products

Vendor Product Versions
ApacheTomcat3.0, 3.1, 3.1.1, 3.2, 3.2.1, 3.2.3, 3.2.4, 3.3, 3.3.1, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.1.0

Exploits

source: wwwsecurityfocuscom/bid/4575/info Apache Tomcat is a servlet container for use with the Java Servlet and JavaServer Pages technologies Tomcat may be run on most UNIX and Linux variants as well as Microsoft Windows Apache Tomcat ships with a number of example classes (SnoopServlet and TroubleShooter) that may reveal the absolut ...