|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-03-04 | |
| Rule Name: | Apache Tomcat Servlet Infomation Disclosure Vulnerability (CVE-2002-2006) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | SecurityFocusBID:4575 http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html http://secunia.com/advisories/30899 http://secunia.com/advisories/30908 |
|
| Solutions |
|---|
| Download the patched versions and above of Tomcat. Patched versions: latest version, reference: https://tomcat.apache.org/Upgrade Tomcat on Windows:Download the zip archive from the official websiteUnzip the archiveRun Tomcat: {Tomcat home}\bin\startup.batUpgrade Tomcat on Linux:Download tgz archive from the official websiteUnzip the archive to the current directory: tar -zxvf {archived file name}Run Tomcat: {Tomcat home}/bin/startup |