Apache Tomcat Information Disclosure Vulnerability

vendor:

Tomcat

by:

SecurityFocus

7.5

CVSS

HIGH

Information Disclosure

200

CWE

Product Name: Tomcat

Affected Version From: Apache Tomcat 5.028

Affected Version To: Apache Tomcat 5.5.23, 5.5.9, and 5.5.7

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Apache Tomcat Information Disclosure Vulnerability

Apache Tomcat is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to reveal a complete directory listing from any directory. Information obtained may aid in further attacks. Reports indicate that this issue may also allow attackers to obtain the source code of script files.

Mitigation:

Ensure that user-supplied input is properly sanitized before being used.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/19106/info

Apache Tomcat is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input. 

An attacker can exploit this issue to reveal a complete directory listing from any directory. Information obtained may aid in further attacks. Reports indicate that this issue may also allow attackers to obtain the source code of script files.

Apache Tomcat 5.028, 5.5.23, 5.5.9, and 5.5.7 are vulnerable to this issue; other versions may also be affected.

Novell GroupWise Mobile Server 1.0 or other versions bundled with Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2 ship with an affected version of Tomcat and are vulnerable as well.

http://www.example.com/;index.jsp