Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-2006: Acceptance of Extraneous Untrusted Data With Trusted Data in Apache Tomcat

Severity: 5.0 MEDIUM (NVD)
EPSS: 32.4% (top 3.15%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline: Published Dec 31; latest update Apr 30

Description

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/tomcat, 14 versions (+13)

🔴 Vulnerability Details (3)

OSV: Apache Tomcat Default Installation Reveals Sensitive Information (2022-04-30)
GHSA: Apache Tomcat Default Installation Reveals Sensitive Information (2022-04-30)
CVEList: CVE-2002-2006: The default installation of Apache Tomcat 4 (2005-07-14)

💥 Exploits & PoCs (12)

Exploit-DB: Fully Modded phpBB - 'kb.php' SQL Injection (2008-03-12)
Exploit-DB: Socketmail 2.2.8 - 'fnc-readmail3.php' Remote File Inclusion (2007-10-22)
Exploit-DB: PMB Services 3.0.13 - Multiple Remote File Inclusions (2007-03-09)
Exploit-DB: x-news 1.1 - 'users.txt' Remote Password Disclosure (2006-12-30)
Exploit-DB: N/X WCMS 4.1 - 'nxheader.inc.php' Remote File Inclusion (2006-10-27)

📋 Vendor Advisories (2)

Red Hat: security flaw (2006-11-21)
Red Hat: security flaw (2006-04-24)

📐 Framework References (1)

CWE: Acceptance of Extraneous Untrusted Data With Trusted Data

💬 Community (5)

Bugzilla: CVE-2006-1990 security flaw (2018-08-16)
Bugzilla: CVE-2006-6097 security flaw (2018-08-16)
Bugzilla: A number of tomcat issues (2007-05-09)
Bugzilla: CVE-2002-2214 php imap To header buffer overflow (2006-06-15)
Bugzilla: Multiple tar issues (CVE-2005-1918, CVE-2006-0300) (2006-03-02)
CVE-2002-2006 — Apache Tomcat vulnerability | cvebase