Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-2007 — Apache Tomcat vulnerability

15 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

22.6%

top 4.14%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apache Tomcat

Timeline

PublishedDec 31

Latest updateApr 30

Description

The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/tomcat3.2.3, 3.2.4+1

🔴Vulnerability Details

GHSA

GHSA-f436-gr4m-qq5w: The default installations of Apache Tomcat 3↗2022-04-30

▶

CVEList

CVE-2002-2007: The default installations of Apache Tomcat 3↗2005-07-14

▶

💥Exploits & PoCs

Exploit-DB

Apple QuickTime 7.2/7.3 (OSX/Windows) - RSTP Response Universal↗2007-11-29

▶

Exploit-DB

Socketmail 2.2.8 - 'fnc-readmail3.php' Remote File Inclusion↗2007-10-22

▶

Exploit-DB

AtomixMP3 2.3 - '.pls' Local Buffer Overflow↗2007-09-05

▶

Exploit-DB

PMB Services 3.0.13 - Multiple Remote File Inclusions↗2007-03-09

▶

Exploit-DB

Sami HTTP Server 2.0.1 - HTTP 404 Object not found Denial of Service↗2007-01-23

▶

📋Vendor Advisories

Red Hat

Flash plugin DNS rebinding↗2007-10-08

▶

💬Community

Bugzilla

CVE-2007-5275 Flash plugin DNS rebinding↗2007-11-05

▶

Bugzilla

A number of tomcat issues↗2007-05-09

▶