CVE-2002-2006 org.apache.tomcat:tomcat

Package

Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: >=4.0.0 <4.1.0 || >=3.0 <3.3a

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.32359 (percentile 0.96699)

Details

Apache Tomcat Default Installation Reveals Sensitive Information

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.

Metadata

Created: 2022-04-30T18:22:18Z
Modified: 2024-02-12T20:18:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-8g4f-fh7f-4fwh/GHSA-8g4f-fh7f-4fwh.json
CWE IDs: []
Alternative ID: GHSA-8g4f-fh7f-4fwh
Finding: F308
Auto approve: 1