Apache Tomcat Examples Web Root Path Disclosure

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote Apache Tomcat service is affected by an information
disclosure vulnerability.

Description :

The instance of Apache Tomcat listening on the remote host is
affected by an information disclosure vulnerability. An attacker is
able to determine the Tomcat application's web root path by requesting
any one of numerous example files.

See also :

http://tomcat.apache.org/security-3.html#Fixed_in_Apache_Tomcat_3.3a

Solution :

Upgrade to Apache Tomcat 3.3a or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.8
(CVSS2#E:H/RL:W/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 50688

Bugtraq ID: 4877, 4878

CVE ID: CVE-2002-2007