CVE-2002-2006

Apache Tomcat <4.1, <3.3.1 - Info Disclosure

Title source: llm

Description

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.

Exploits (1)

exploitdb WRITEUP VERIFIED

by CHINANSL Security Team · textremoteunix

https://www.exploit-db.com/exploits/21412

View Code ZIP pw:eip

References (11)

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html

[Third Party Advisory] http://secunia.com/advisories/30899

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

[Various Sources] http://tomcat.apache.org/security-4.html

[Third Party Advisory] http://www.iss.net/security_center/static/8932.php

[Exploit] http://www.securityfocus.com/bid/4575

[Third Party Advisory] http://secunia.com/advisories/30908

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1979/references

[Mailing List] https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Scores

EPSS 0.3236

EPSS Percentile 96.9%

Details

Status published

Products (15)

apache/tomcat 3.0

apache/tomcat 3.1

apache/tomcat 3.1.1

apache/tomcat 3.2

apache/tomcat 3.2.1

apache/tomcat 3.2.3

apache/tomcat 3.2.4

apache/tomcat 3.3

apache/tomcat 3.3.1

apache/tomcat 4.0.0

... and 5 more

Published Dec 31, 2002

Tracked Since Feb 18, 2026