HTTP: Tomcat realPath.jsp Malformed Request

This signature detects attempts to exploit a known vulnerability in realPath.jsp, an example program that ships by default with Apache Tomcat, a free open source Java server. Upon receiving a request, realPath.jsp displays the DocumentRoot directory of the Web server software. Attackers can use this information to perform targeted Web-based attacks, such as directory traversals.

Extended Description

Apache Tomcat is a freely available, open source web server maintained by the Apache Foundation. Under some circumstances, Tomcat may yield sensitive information about the web server configuration. When the realPath.jsp page is accessed, it may leak information. Upon being accessed, the realPath.jsp page will display the web root directory of the Tomcat implementation.

Affected Products

Apache_software_foundation tomcat

Short Name
HTTP:TOMCAT:REAL-PATH-REQ
Severity
Info
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Malformed Request Tomcat bid:4878 realPath.jsp
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Rarely
Vendors

Apache_software_foundation

Found a potential security threat?