CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS
Percentile
96.0%
Low: Information disclosure CVE-2000-0759
Requesting a JSP that does not exist results in an error page that includes the full file system page of the current context.
Affects: 3.1
Important: Information disclosure CVE-2000-0672
Access to the admin context is not protected. This context allows an attacker to mount an arbitary file system path as a context. Any files accessible from this file sytem path to the account under which Tomcat is running are then visible to the attacker.
Affects: 3.1