Lucene search
HistoryJan 22, 2001 - 5:00 a.m.
CVE-2000-0672
jakarta tomcat
configuration
remote attackers
arbitrary files
admin context
cve-2000-0672
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.8 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
58.3%
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
Affected configurations
Node
apachetomcatMatch3.0
ORapachetomcatMatch3.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache:tomcat | apache tomcat | eq | 3.0 |
| apache:tomcat | apache tomcat | eq | 3.1 |
Related
nessus
nessus
Apache Tomcat contextAdmin Arbitrary File Access
2000-07-22 00:00:00
nvd
nvd
CVE-2000-0672
2000-07-20 04:00:00
cvelist
cvelist
CVE-2000-0672
2001-01-22 05:00:00
tomcat
tomcat
Fixed in Apache Tomcat 3.2
2001-01-22 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.8 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
58.3%
Related for CVE-2000-0672