CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile: 73.5%
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.
Apache Tomcat contains a vulnerability that may allow information disclosure or access to the contents of the WEB-INF directory.
A remote attacker could possibly obtain information, such as configuration or user credentials, that the application keeps under the WEB-INF directory.
Update the Software
Update to Apache Tomcat 6.0.20 according to the information provided by the developer.
For Apache Tomcat 5.5.x and Apache Tomcat 4.1.x:
As of June 9, 2009, the Apache Tomcat Project has not yet released versions of these branches that resolve the vulnerability. Users of Apache Tomcat 5.5.x and 4.1.x should obtain the latest source code from svn, or update to Apache Tomcat 5.5.28 and 4.1.40 once they are released.
For more information, refer to the developer’s website.