The default installation of Apache Tomcat 4.0 up to and including 4.1 and 3.0 up to and including 3.3.1 allows remote malicious users to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache tomcat 3.0 |
||
apache tomcat 3.1 |
||
apache tomcat 3.1.1 |
||
apache tomcat 3.2 |
||
apache tomcat 3.2.1 |
||
apache tomcat 3.2.3 |
||
apache tomcat 3.2.4 |
||
apache tomcat 3.3 |
||
apache tomcat 3.3.1 |
||
apache tomcat 4.0.0 |
||
apache tomcat 4.0.1 |
||
apache tomcat 4.0.2 |
||
apache tomcat 4.0.3 |
||
apache tomcat 4.1.0 |