Apache Tomcat TroubleShooter Servlet Installed

Published: 2005-11-03 13:08:04
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Recommendations:
Example files should not be left on production servers.

Summary:
The remote Apache Tomcat server is vulnerable to cross-site scripting and path disclosure issues.

Technical Details:
The default installation of Tomcat includes various sample JSP pages and servlets. One of these, the 'TroubleShooter' servlet, discloses various information about the system on which Tomcat is installed. This servlet can also be used to perform cross-site scripting attacks against third-party users.

Solution Type:
Mitigation

Detection Type:
Remote Vulnerability

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database):

https://nvd.nist.gov/vuln/detail/CVE-2002-2006

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/4575

Severity:
Medium

CVSS Score:
5.0
