CVE-2002-2006 | Vulnerability Database | Aqua Security

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.

Affected Software

Name	Vendor	Start Version	End Version
Tomcat	Apache	3.0 (including)	3.0 (including)
Tomcat	Apache	3.1 (including)	3.1 (including)
Tomcat	Apache	3.1.1 (including)	3.1.1 (including)
Tomcat	Apache	3.2 (including)	3.2 (including)
Tomcat	Apache	3.2.1 (including)	3.2.1 (including)
Tomcat	Apache	3.2.3 (including)	3.2.3 (including)
Tomcat	Apache	3.2.4 (including)	3.2.4 (including)
Tomcat	Apache	3.3 (including)	3.3 (including)
Tomcat	Apache	3.3.1 (including)	3.3.1 (including)
Tomcat	Apache	4.0.0 (including)	4.0.0 (including)
Tomcat	Apache	4.0.1 (including)	4.0.1 (including)
Tomcat	Apache	4.0.2 (including)	4.0.2 (including)
Tomcat	Apache	4.0.3 (including)	4.0.3 (including)
Tomcat	Apache	4.1.0 (including)	4.1.0 (including)

References

http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html
http://secunia.com/advisories/30899
http://secunia.com/advisories/30908
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
http://tomcat.apache.org/security-4.html
http://www.iss.net/security_center/static/8932.php
http://www.securityfocus.com/bid/4575
http://www.vupen.com/english/advisories/2008/1979/references
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-2006
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html