Apache Tomcat Examples Web Root Path Disclosure

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Apache Tomcat server is affected by an information
disclosure vulnerability.

Description :

The instance of Apache Tomcat listening on the remote host is affected
by an information disclosure vulnerability. An attacker is able to
determine the Tomcat application's web root path by requesting any one
of numerous example files.

See also :

http://tomcat.apache.org/security-3.html#Fixed_in_Apache_Tomcat_3.3a

Solution :

Upgrade to 3.3a or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.8
(CVSS2#E:H/RL:W/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 50688 ()

Bugtraq ID: 4877
4878

CVE ID: CVE-2002-2007

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial