Description

The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.

Remediation

References

CVE-2000-0672

Related Vulnerabilities

Oracle Application Server Other Vulnerability (CVE-2005-3453)

Liferay Portal Origin Validation Error Vulnerability (CVE-2022-25146)

ColdFusion 9 solr service exposed

WordPress Plugin WPtouch Security Bypass (3.4.2)

WordPress 4.3.x Denial of Service Vulnerability (4.3 - 4.3.15)

Severity

Medium

Classification

CVE-2000-0672

Tags

Missing Update Known Vulnerabilities