Home

CVE-2002-2006

Description

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.

Risk Information

Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
32.359

Associated Vulnerability

VulnerabilityOS Platform
Update Tomcat to 9.5.14Windows
Update Tomcat to 9.5.5Windows
Update Tomcat to 9.5.7Windows
Update Tomcat to 9.5.8Windows
Update Tomcat to 9.6.10Windows
Update Tomcat to 9.6.3Windows
Update Tomcat to 9.6.4Windows
Update Tomcat to 9.6.7Windows
Update Tomcat to 9.6.8Windows
Update Tomcat to 2.4.5Windows
Update Tomcat to 3.0.14Windows
Vulnerabilities CVE-2002-2006,CVE-2003-0866 are fixed in Apache - tomcat 4.1.0Windows
Vulnerabilities CVE-2002-2006 are fixed in Apache - tomcat 3.3Windows
Update Tomcat to 9.5.14 (For Linux)Linux
Update Tomcat to 9.5.5 (For Linux)Linux
Update Tomcat to 9.5.7 (For Linux)Linux
Update Tomcat to 9.5.8 (For Linux)Linux
Update Tomcat to 9.6.10 (For Linux)Linux
Update Tomcat to 9.6.3 (For Linux)Linux
Update Tomcat to 9.6.4 (For Linux)Linux
Update Tomcat to 9.6.7 (For Linux)Linux
Update Tomcat to 9.6.8 (For Linux)Linux
Update Tomcat to 2.4.5 (For Linux)Linux
Update Tomcat to 3.0.14 (For Linux)Linux
Vulnerabilities CVE-2002-2006,CVE-2003-0866 are fixed in Apache - tomcat for Linux 4.1.0Linux
Vulnerabilities CVE-2002-2006 are fixed in Apache - tomcat for Linux 3.3Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234