Description

Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.

Remediation

References

CVE-2002-2008

Related Vulnerabilities

phpMyFAQ Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2023-0789)

WordPress Plugin Language Bar Flags Cross-Site Request Forgery (1.0.8)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2158)

WordPress Plugin CM Pop-Up banners for WordPress SQL Injection (1.5.10)

WordPress Plugin Photoracer 'id' Parameter SQL Injection (1.0)

Severity

Medium

Classification

CVE-2002-2008

Tags

Missing Update Known Vulnerabilities