Description
The default installations of Apache Tomcat 3.2.3 and 3.2.4 allow remote attackers to obtain sensitive system information, such as directory listings and the web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
Exploits (3)
exploitdb
WRITEUP
VERIFIED
by Richard Brain · text · remote · multiple
https://www.exploit-db.com/exploits/21491
exploitdb
WRITEUP
VERIFIED
by Richard Brain · text · remote · multiple
https://www.exploit-db.com/exploits/21490
exploitdb
WRITEUP
VERIFIED
by Richard Brain · text · remote · multiple
https://www.exploit-db.com/exploits/21492
References (10)
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/116963
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4876
Various Sources x_refsource_misc
http://www.procheckup.com/security_info/vuln_pr0206.html
Various Sources x_refsource_misc
http://www.procheckup.com/security_info/vuln_pr0205.html
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9208.php
Exploit mailing-list
x_refsource_bugtraq
http://cert.uni-stuttgart.de/archive/bugtraq/2002/05/msg00275.html
Exploit mailing-list
x_refsource_bugtraq
http://cert.uni-stuttgart.de/archive/bugtraq/2002/05/msg00272.html
Various Sources x_refsource_misc
http://www.procheckup.com/security_info/vuln_pr0207.html
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4877
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4878
Scores
EPSS
0.2261
EPSS Percentile
95.9%
Details
Status
published
Products (2)
apache/tomcat
3.2.3
apache/tomcat
3.2.4
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026