Summary
The remote Apache Tomcat server is vulnerable to cross-site scripting and path disclosure issues.
Description
The default installation of Tomcat includes various sample JSP pages and servlets.
One of these, the 'TroubleShooter' servlet, discloses various information about the system on which Tomcat is installed. This servlet can also be used to perform cross-site scripting attacks against third-party users.
Solution
Example files should not be left on production servers.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2002-2006
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N