Lucene search
GitHub Advisory DatabaseGHSA-QG4G-6JCQ-RW93HistoryApr 30, 2022 - 6:14 p.m.
Jakarta Apache Tomcat Reveals Physical Paths
2022-04-3018:14:15
CWE-200
GitHub Advisory Database
github.com
7
jakarta tomcat
apache
physical paths
remote attacker
error message
software
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS
0.159
Percentile
96.0%
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
Affected configurations
Node
org.apache.tomcat\Matchtomcat
Related
osv
osv
Jakarta Apache Tomcat Reveals Physical Paths
2022-04-30 18:14:15
cvelist
cvelist
CVE-2000-0759
2000-09-21 04:00:00
nessus
nessus
Apache Tomcat Nonexistent File Error Message Path Disclosure
2001-11-25 00:00:00
veracode
veracode
Information Disclosure
2019-03-25 08:40:40
nvd
nvd
CVE-2000-0759
2000-10-20 04:00:00
cve
cve
CVE-2000-0759
2000-10-20 04:00:00
tomcat
tomcat
Fixed in Apache Tomcat 3.2
2001-01-22 00:00:00
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS
0.159
Percentile
96.0%
Related for GHSA-QG4G-6JCQ-RW93