header-logo
Suggest Exploit
vendor:
Jakarta Tomcat
by:
SecurityFocus
7.5
CVSS
HIGH
Information Disclosure
200
CWE
Product Name: Jakarta Tomcat
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Jakarta Tomcat Error Message Disclosure Vulnerability

When a malformed request is made for a Java Server Page, the server displays an error page which contains potentially sensitive information, along with the absolute path of the JSP file on the webserver, which may aid in further attacks.

Mitigation:

Configure Jakarta Tomcat to display an alternate error file.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3199/info

When a malformed request is made for a Java Server Page the server displays an error page. The error page contains potentially sensitive information, along with the absolute path of the JSP file on the webserver, which may aid in further attacks.

Jakarta Tomcat can be configured to display an alternate error file. By default it is not. 

http://webserver.com/\java.jsp

Navigation

Suggest Exploit

Services By CQR