Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:TOMCAT:JSP-BUFFER
Severity	Info
Recommended	No
Category	HTTP
Keywords	Tomcat Samples Webroot Disclosure - Buffer
Release Date	2003/04/22
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Tomcat Samples Webroot Disclosure - Buffer

This signature detects attempts to exploit a known vulnerability in one of the sample files that ships with Apache Tomcat, a free open source Java server. Upon receiving a request, the sample file script displays the Webroot location. Attackers can use this information to perform targeted Web-based attacks, such as directory traversals.

Extended Description

Apache Tomcat is a freely available, open source web server maintained by the Apache Foundation. When Apache Tomcat is installed with a default configuration, several example files are also installed. When some of these example files are requested without any input, they will return an error containing the absolute path to the server's web root.

Affected Products

Apache_software_foundation tomcat 3.2.3
Apache_software_foundation tomcat 3.2.4

References

BugTraq: 4877
URL: http://jakarta.apache.org/tomcat/index.html
URL: http://tomcat.apache.org/tomcat-3.3-doc/tomcat-apache-howto.html

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Tomcat Samples Webroot Disclosure - Buffer

Extended Description

Affected Products

References