Description

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.

Remediation

References

CVE-2002-2006

Related Vulnerabilities

Ruby Use of Externally-Controlled Format String Vulnerability (CVE-2018-8778)

WordPress Plugin SoundCloud Is Gold Cross-Site Scripting (2.3.1)

WordPress Plugin Listing, Classified Ads & Business Directory-uListing Arbitrary File Upload (1.2.1)

WordPress Plugin RoyalSlider Cross-Site Scripting (3.2.4)

WildFly Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1047)

Severity

Medium

Classification

CVE-2002-2006

Tags

Missing Update Known Vulnerabilities