CVE-2002-2008 — Information Exposure via Error Message in Apache Tomcat

CWE-209 — Information Exposure via Error Message10 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

7.1%

top 8.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat

Timeline

PublishedDec 31

Latest updateApr 30

Description

Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/tomcat4.0.3

Patches

Patch: archives.neohapsis.com ↗Patch: www.iss.net ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

OSV

Apache Tomcat Leaks Information via Error Message↗2022-04-30

▶

GHSA

Apache Tomcat Leaks Information via Error Message↗2022-04-30

▶

CVEList

CVE-2002-2008: Apache Tomcat 4↗2005-07-14

▶

💥Exploits & PoCs

Exploit-DB

ActiveState Perl.exe x64 Client 5.20.2 - Crash (PoC)↗2015-09-06

▶

Exploit-DB

Nuked-klaN SP4 - Remote File Inclusion↗2009-12-26

▶

Exploit-DB

Microsoft Word 2000/2002 - Bulleted List Handling Remote Memory Corruption↗2008-06-17

▶

Exploit-DB

DivXDB 2002 0.94b - Multiple Cross-Site Scripting Vulnerabilities↗2008-04-02

▶

Exploit-DB

Fully Modded phpBB - 'kb.php' SQL Injection↗2008-03-12

▶

📋Vendor Advisories

Red Hat

uw-imap: buffer overflow in dmail and tmail↗2008-10-31

▶