Apache Tomcat Servlet泄露安装路径漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1106700 漏洞类型 配置错误
发布时间 2002-04-23 更新时间 2008-09-05
CVE编号 CVE-2002-2006 CNNVD-ID CNNVD-200212-677
漏洞平台 Unix CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/21412
https://www.securityfocus.com/bid/4575
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-677
|漏洞详情
ApacheTomcat是一款免费的用于JAVAServlet和Javaserver页技术的Servlet实现。ApacheTomcat包含的两个样例类存在漏洞,可导致系统敏感信息泄露。攻击者可以向服务器请求Tomcat包含的两个样例类(SnoopServlet和TroubleShooter),可导致服务程序返回包含Tomcat安装路径的信息给攻击者。攻击者可以根据这些敏感信息对系统进一步进行攻击。
|漏洞EXP
source: http://www.securityfocus.com/bid/4575/info

Apache Tomcat is a servlet container for use with the Java Servlet and JavaServer Pages technologies. Tomcat may be run on most UNIX and Linux variants as well as Microsoft Windows. 

Apache Tomcat ships with a number of example classes (SnoopServlet and TroubleShooter) that may reveal the absolute path of the Tomcat installation when requested. 

Disclosure of this type of sensitive information may aid in further attacks against the host running the vulnerable software.

http://localhost:8080/examples/servlet/SnoopServlet 
http://localhost:8080/examples/servlet/TroubleShooter
|受影响的产品
Sun Solaris 9_x86 Sun Solaris 9_sparc Sun Solaris 9 Sun Solaris 10_x86 Sun Solaris 10_sparc Sun Solaris 10 Apache Tomcat 4.1
|参考资料

来源:BID
名称:4575
链接:http://www.securityfocus.com/bid/4575
来源:XF
名称:tomcat-example-class-information(8932)
链接:http://www.iss.net/security_center/static/8932.php
来源:BUGTRAQ
名称:20020422Tomcatrealpathdisclosure(2)
链接:http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html
来源:VUPEN
名称:ADV-2008-1979
链接:http://www.frsirt.com/english/advisories/2008/1979/references
来源:tomcat.apache.org
链接:http://tomcat.apache.org/security-4.html
来源:SUNALERT
名称:239312
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
来源:SECUNIA
名称:30908
链接:http://secunia.com/advisories/30908
来源:SECUNIA
名称:30899
链接:http://secunia.com/advisories/30899
来源:NSFOCUS
名称:2662
链接:http://www.nsfocus.net/vulndb/2662