6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.062 Low
EPSS
Percentile
93.6%
Moderate: Information disclosure CVE-2002-2007
Non-standard requests to the sample applications installed by default could result in unexpected directory listings or disclosure of the full file system path for a JSP.
Affects: 3.2.3-3.2.4
Low: Information disclosure CVE-2002-2006, CVE-2000-0760
The snoop servlet installed as part of the examples includes output that identifies the Tomcat installation path. There are no plans to issue a an update to Tomcat 3.x for this issue.
Affects:3.1-3.1.1, 3.2-3.2.4
CPE | Name | Operator | Version |
---|---|---|---|
apache tomcat | ge | 3.2.3 | |
apache tomcat | le | 3.2.4 |