| VID | 22112 |
| Severity | 30 |
| Port | 8080 |
| Protocol | TCP |
| Class | Servlet |
| Detailed Description | The Tomcat Java server has dangerous sample sources. Tomcat is a free, open-source Java server. Multiple directory listing and web root location disclosure vulnerabilities have been found in the product, allowing a remote attacker to reveal sensitive information on the target host. Normally '/examples/jsp/source.jsp' is used to look at the source code of programs within the examples directories, and '/test/realPath.jsp' gives the location of the webroot. It can be exploited by requesting the following URLs: http://webserver:80/examples/jsp/source.jsp?? and http://webserver:80/examples/jsp/source.jsp?/jsp/ Affected Platforms: Apache Tomcat Java server versions 3.23 and 3.24 |
| Recommendation | Delete the samples directory if not needed. |
| Related URL | CVE-2002-2007 (CVE) |
| Related URL | 4876,4877,4878 (SecurityFocus) |
| Related URL | 9208 (ISS) |