Apache Tomcat Examples Web Root Path Disclosure

Medium Nessus Plugin ID 50688


The remote Apache Tomcat server is affected by an information disclosure vulnerability.


The instance of Apache Tomcat listening on the remote host is affected by an information disclosure vulnerability. An attacker is able to determine the Tomcat application's web root path by requesting any one of numerous example files.


Upgrade to 3.3a or later.

See Also


Plugin Details

Severity: Medium

ID: 50688

File Name: tomcat_examples_webroot_disclosure.nasl

Version: $Revision: 1.11 $

Type: remote

Family: Web Servers

Published: 2010/11/23

Modified: 2018/01/24

Dependencies: 39446

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:W/RC:ND


Base Score: 5.3

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:W/RC:X

Vulnerability Information

CPE: cpe:/a:apache:tomcat

Required KB Items: installed_sw/Apache Tomcat

Exploit Available: true

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 2002/01/14

Vulnerability Publication Date: 2002/05/29

Reference Information

CVE: CVE-2002-2007

BID: 4877, 4878

OSVDB: 13304, 14580