CVE-2002-2006

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html	Exploit
http://secunia.com/advisories/30899
http://secunia.com/advisories/30908
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
http://tomcat.apache.org/security-4.html
http://www.iss.net/security_center/static/8932.php
http://www.securityfocus.com/bid/4575	Exploit
http://www.vupen.com/english/advisories/2008/1979/references
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html	Exploit
http://secunia.com/advisories/30899
http://secunia.com/advisories/30908
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
http://tomcat.apache.org/security-4.html
http://www.iss.net/security_center/static/8932.php
http://www.securityfocus.com/bid/4575	Exploit
http://www.vupen.com/english/advisories/2008/1979/references
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:tomcat:3.0:::::::*
	cpe:2.3:a:apache:tomcat:3.1:::::::*
	cpe:2.3:a:apache:tomcat:3.1.1:::::::*
	cpe:2.3:a:apache:tomcat:3.2:::::::*
	cpe:2.3:a:apache:tomcat:3.2.1:::::::*
	cpe:2.3:a:apache:tomcat:3.2.3:::::::*
	cpe:2.3:a:apache:tomcat:3.2.4:::::::*
	cpe:2.3:a:apache:tomcat:3.3:::::::*
	cpe:2.3:a:apache:tomcat:3.3.1:::::::*
	cpe:2.3:a:apache:tomcat:4.0.0:::::::*
	cpe:2.3:a:apache:tomcat:4.0.1:::::::*
	cpe:2.3:a:apache:tomcat:4.0.2:::::::*
	cpe:2.3:a:apache:tomcat:4.0.3:::::::*
	cpe:2.3:a:apache:tomcat:4.1.0:::::::*

History

20 Nov 2024, 23:42

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html - Exploit~~	() http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html - Exploit
References	~~() http://secunia.com/advisories/30899 -~~	() http://secunia.com/advisories/30899 -
References	~~() http://secunia.com/advisories/30908 -~~	() http://secunia.com/advisories/30908 -
References	~~() http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1 -~~	() http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1 -
References	~~() http://tomcat.apache.org/security-4.html -~~	() http://tomcat.apache.org/security-4.html -
References	~~() http://www.iss.net/security_center/static/8932.php -~~	() http://www.iss.net/security_center/static/8932.php -
References	~~() http://www.securityfocus.com/bid/4575 - Exploit~~	() http://www.securityfocus.com/bid/4575 - Exploit
References	~~() http://www.vupen.com/english/advisories/2008/1979/references -~~	() http://www.vupen.com/english/advisories/2008/1979/references -
References	~~() https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E -
References	~~() https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E -
References	~~() https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E -

07 Nov 2023, 01:56

Type	Values Removed	Values Added
References	{'url': 'https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/', 'tags': [], 'refsource': 'MLIST'}	() https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E -

Information

Published : 2002-12-31 05:00

Updated : 2024-11-20 23:42

NVD link : CVE-2002-2006

Mitre link : CVE-2002-2006

CVE.ORG link : CVE-2002-2006

JSON object : View

Products Affected

apache

tomcat

CWE

NVD-CWE-Other

5.0 /10