CVE-2002-2006: Apache Tomcat Default Installation Reveals Sensitive Information
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
References
- sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
- tomcat.apache.org/security-4.html
- github.com/advisories/GHSA-8g4f-fh7f-4fwh
- lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
- lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
- lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
- nvd.nist.gov/vuln/detail/CVE-2002-2006
- web.archive.org/web/20020602051837/http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html
- web.archive.org/web/20021026082659/http://online.securityfocus.com/bid/4575
- web.archive.org/web/20030104173336/http://www.iss.net/security_center/static/8932.php