CVE-2002-2009: Information Exposure via Error Message in Apache Tomcat

Severity: 5.0 MEDIUM (NVD)
EPSS: 3.2% (top 12.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Dec 31 | Latest update Apr 30

Description

Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N (Exploitability: 10.0 | Impact: 2.9)

Affected Packages (1 package)

NVD: apache/tomcat 4.0.1

🔴 Vulnerability Details (3)

GHSA: Apache Tomcat Leaks Pathname Information via Error Message (2022-04-30)
OSV: Apache Tomcat Leaks Pathname Information via Error Message (2022-04-30)
CVEList: CVE-2002-2009: Apache Tomcat 4 (2005-07-14)

💥 Exploits & PoCs (1)

Exploit-DB: Nuked-klaN SP4 - Remote File Inclusion (2009-12-26)

📋 Vendor Advisories (1)

Red Hat: CVE-2009-0653: OpenSSL, probably 0