The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote malicious users to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache tomcat 3.2.4 |
||
apache tomcat 3.2.3 |