CVE-2002-2007
CVE-2002-2007
The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
Productos afectados
n/a · n/aPoCs públicas encontradas — 3
exploitdbwww.exploit-db.com/exploits/21492no verificadoexploitdbwww.exploit-db.com/exploits/21490no verificadoexploitdbwww.exploit-db.com/exploits/21491no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://cert.uni-stuttgart.de/archive/bugtraq/2002/05/msg00272.htmlhttp://cert.uni-stuttgart.de/archive/bugtraq/2002/05/msg00275.htmlhttp://www.iss.net/security_center/static/9208.phphttp://www.kb.cert.org/vuls/id/116963http://www.procheckup.com/security_info/vuln_pr0205.htmlhttp://www.procheckup.com/security_info/vuln_pr0206.htmlhttp://www.procheckup.com/security_info/vuln_pr0207.htmlhttp://www.securityfocus.com/bid/4876http://www.securityfocus.com/bid/4877http://www.securityfocus.com/bid/4878