Description
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files on the server by calling the administrative servlets directly to add a new context whose document base is the filesystem root directory.
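The following is an added example, not code from this page or from the Tomcat project, that audits a Tomcat 3.x-style server.xml for the default /admin context and removes it. It assumes the Tomcat 3.x convention of declaring web applications as `<Context path="..." docBase="..."/>` elements; the sample configuration embedded below is constructed for illustration.

```python
"""Audit a Tomcat 3.x-style server.xml for the default /admin context.

Added example (not from the page or the Tomcat project). It assumes the
Tomcat 3.x convention of declaring web applications as
<Context path="..." docBase="..."/> elements; the sample configuration
below is constructed for illustration only.
"""
import xml.etree.ElementTree as ET

# Constructed sample resembling a Tomcat 3.x server.xml that still ships
# the administrative context next to the examples application.
SAMPLE_SERVER_XML = """<Server>
  <ContextManager debug="0" workDir="work">
    <Connector className="org.apache.tomcat.service.PoolTcpConnector">
      <Parameter name="port" value="8080"/>
    </Connector>
    <Context path="/examples" docBase="webapps/examples" debug="0" reloadable="true"/>
    <Context path="/admin" docBase="webapps/admin" debug="0" reloadable="true"/>
  </ContextManager>
</Server>
"""


def find_contexts(server_xml: str) -> dict:
    """Map every declared context path to its docBase."""
    root = ET.fromstring(server_xml)
    return {ctx.get("path"): ctx.get("docBase") for ctx in root.iter("Context")}


def admin_context_exposed(server_xml: str) -> bool:
    """True if the administrative context is still declared.

    In the vulnerable default configuration the /admin context is present
    and reachable by any remote client, so its servlets can be used to add
    a context for the root directory.
    """
    return "/admin" in find_contexts(server_xml)


def remove_admin_context(server_xml: str) -> str:
    """Return the configuration with the /admin Context element removed."""
    root = ET.fromstring(server_xml)
    for parent in root.iter():
        for child in list(parent):
            if child.tag == "Context" and child.get("path") == "/admin":
                parent.remove(child)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("admin context exposed:", admin_context_exposed(SAMPLE_SERVER_XML))
    hardened = remove_admin_context(SAMPLE_SERVER_XML)
    print("exposed after removal:", admin_context_exposed(hardened))
```

Run it against a real server.xml by reading the file into `admin_context_exposed`; a `True` result means the administrative context is still declared and should be removed or placed behind access controls before the server is reachable from untrusted networks.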
Remediation
Restrict access to the /admin context so that it is not reachable by untrusted remote clients, or remove the administrative web application from the configuration entirely if it is not required.
References
Related Vulnerabilities
WordPress Plugin Gutenberg Blocks by WordPress Download Manager Cross-Site Scripting (2.1.8)
Oracle JRE CVE-2013-5832 Vulnerability (CVE-2013-5832)
OpenSSL Numeric Errors Vulnerability (CVE-2012-2131)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2367)
Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2022-34253)