Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2002-2006 | First vendor Publication | 2002-12-31 |
| Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006 |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2005-11-03 | Name : Apache Tomcat TroubleShooter Servlet Installed File : nvt/apache_Tomcat_TroubleShooter.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 9695 | Apache Tomcat SnoopServlet Servlet Information Disclosure Apache Tomcat contains a sample servlet that discloses sensitive information. The SnoopServlet example servlet (/examples/jsp/snp/snoop.jsp) is used to demonstrate functionality of the application server. This servlet discloses operating system information and the full path to the installation directory. An attacker could use this information to launch targeted attacks against the affected system. |
| 849 | Apache Tomcat TroubleShooter Servlet Information Disclosure The Tomcat Java application server contains a sample servlet that discloses sensitive information. The TroubleShooter example servlet is used to demonstrate functionality of the application server. This servlet discloses operating system information and the full path to the installation directory. An attacker could use this information to launch targeted attacks against the affected system. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Apache Tomcat SnoopServlet servlet access RuleID : 1830-community - Revision : 15 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Tomcat SnoopServlet servlet access RuleID : 1830 - Revision : 15 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Tomcat TroubleShooter servlet access RuleID : 1829-community - Revision : 15 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Tomcat TroubleShooter servlet access RuleID : 1829 - Revision : 15 - Type : SERVER-APACHE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-11-04 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_4_1_0.nasl - Type : ACT_GATHER_INFO |
| 2002-07-15 | Name : The remote web server is affected by a path disclosure issue. File : apache_Tomcat_TroubleShooter.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2023-11-07 21:48:11 |
|
| 2021-05-04 12:01:52 |
|
| 2021-04-22 01:02:00 |
|
| 2020-05-23 00:15:14 |
|
| 2019-03-25 17:18:56 |
|
| 2019-03-21 21:19:08 |
|
| 2016-04-26 12:24:33 |
|
| 2014-02-17 10:25:36 |
|
| 2014-01-19 21:21:52 |
|
| 2013-05-11 12:15:05 |
|
