vendor: Tomcat
by: SecurityFocus
CVSS: 7.5 (HIGH)
Information Disclosure
CWE: 200
Product Name: Tomcat
Affected Version From: Tomcat 4.1.0
Affected Version To: Tomcat 6.0.16
Patch Exists: YES
Related CWE: N/A
CPE: a:apache:tomcat
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2008

Apache Tomcat Remote Information Disclosure Vulnerability

Apache Tomcat is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks.

Mitigation:

Upgrade to the latest version of Apache Tomcat to mitigate this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/30494/info

The following versions are affected:

Tomcat 4.1.0 through 4.1.37
Tomcat 5.5.0 through 5.5.26
Tomcat 6.0.0 through 6.0.16

Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.

http://www.example.com/page.jsp?blah=/../WEB-INF/web.xml
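
A defender-side check for the request shape shown above, added here as an example and not part of the original advisory: it scans access-log lines for query-parameter values that, once percent-decoded, contain a `..` path segment together with `WEB-INF` or `META-INF`. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line of a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/[\d.]+"')
PROTECTED = ("web-inf", "meta-inf")
MAX_DECODE_ROUNDS = 3  # also normalises double-encoded values

def fully_decode(value):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return names of query parameters that traverse into a protected directory."""
    hits = []
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # Split on both separators so backslash variants are normalised too.
        segments = re.split(r"[/\\]+", fully_decode(raw).lower())
        if ".." in segments and any(s in PROTECTED for s in segments):
            hits.append(name)
    return hits

def scan(lines):
    """Return (line_number, parameter_names) for every flagged log line."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        names = suspicious_params(match.group(1)) if match else []
        if names:
            findings.append((number, names))
    return findings

# Constructed sample log lines (documentation addresses, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2008:10:00:00 +0000] "GET /page.jsp?blah=/../WEB-INF/web.xml HTTP/1.1" 200 1532',
    '192.0.2.11 - - [01/Aug/2008:10:00:05 +0000] "GET /page.jsp?blah=%2f%2e%2e%2fWEB-INF%2fweb.xml HTTP/1.1" 200 1532',
    '192.0.2.12 - - [01/Aug/2008:10:00:09 +0000] "GET /page.jsp?blah=%252e%252e/web-inf/classes HTTP/1.1" 404 0',
    '192.0.2.13 - - [01/Aug/2008:10:00:12 +0000] "GET /page.jsp?blah=/docs/index.html HTTP/1.1" 200 804',
    '192.0.2.14 - - [01/Aug/2008:10:00:15 +0000] "GET /search.jsp?q=what+is+WEB-INF HTTP/1.1" 200 990',
]
```

`scan(SAMPLE_LOG)` flags the first three lines and leaves the ordinary path and the plain-text mention of WEB-INF alone. A hit with a 200 response on an affected version is worth checking against what the application returned.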