header-logo
Suggest Exploit
vendor:
Tomcat
by:
SecurityFocus
7.5
CVSS
HIGH
Information Disclosure
200
CWE
Product Name: Tomcat
Affected Version From: 3.1
Affected Version To: 3.1
Patch Exists: YES
Related CWE: N/A
CPE: a:apache:tomcat
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Tomcat JSP Vulnerability

A vulnerability exists in the JSP portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting an nonexistent JSP file, too much information is presented by the server as part of the error message. This information may be useful to a would be attacker in conducting further attacks.

Mitigation:

Ensure that the Tomcat server is running the latest version of the software and that all security patches have been applied.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1531/info

A vulnerability exists in the JSP portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting an nonexistent JSP file, too much information is presented by the server as part of the error message. This information may be useful to a would be attacker in conducting further attacks. 

http://narco.guerrilla.sucks.co:8080/anything.jsp

Error: 404
Location: /anything.jsp

JSP file "/appsrv2/jakarta-tomcat/webapps/ROOT/anything.jsp" not found

Navigation

Suggest Exploit

Services By CQR