HTTP: Tomcat Samples Webroot Disclosure - Comments

This signature detects attempts to exploit a known vulnerability in one of the sample files that ships with Apache Tomcat, a free open source Java server. Upon receiving a request, the sample file script displays the webroot location. Attackers can use this information to perform targeted Web-based attacks, such as directory traversals.

Extended Description

Apache Tomcat is a freely available, open source web server maintained by the Apache Foundation. When Apache Tomcat is installed with a default configuration, several example files are also installed. When some of these example files are requested without any input, they will return an error containing the absolute path to the server's web root.

Affected Products

Apache_software_foundation tomcat

Short Name
HTTP:TOMCAT:JSP-COMMENTS
Severity
Info
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
- CVE-2002-2007 Comments Disclosure Samples Tomcat Webroot bid:4877
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Rarely
Vendors

Apache_software_foundation

CVSS Score

5.0
