CVE-2002-2006

Apache Tomcat <4.1, <3.3.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-2006. PoCs published by CHINANSL Security Team.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in Apache Tomcat's example servlets (SnoopServlet and TroubleShooter), which reveal the installation path. No exploit code is provided.

Description

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.

Exploits (1)

exploitdb WRITEUP VERIFIED

by CHINANSL Security Team · textremoteunix

https://www.exploit-db.com/exploits/21412

View Code ZIP pw:eip

This is a writeup describing an information disclosure vulnerability in Apache Tomcat's example servlets (SnoopServlet and TroubleShooter), which reveal the installation path. No exploit code is provided.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Apache Tomcat (versions with example servlets)

No auth needed

Prerequisites: Tomcat running with example servlets accessible

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11

Core References

Various Sources x_refsource_confirm

http://tomcat.apache.org/security-4.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30908

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30899

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/1979/references

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/4575

Third Party Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/8932.php

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Scores

EPSS 0.2985

EPSS Percentile 96.8%

Details

Status published

Products (15)

apache/tomcat 3.0

apache/tomcat 3.1

apache/tomcat 3.1.1

apache/tomcat 3.2

apache/tomcat 3.2.1

apache/tomcat 3.2.3

apache/tomcat 3.2.4

apache/tomcat 3.3

apache/tomcat 3.3.1

apache/tomcat 4.0.0

... and 5 more

Published Dec 31, 2002

Tracked Since Feb 18, 2026