Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2002-2006

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.

  • Published: Dec 31, 2002
  • Updated: Apr 13, 2023
  • CVE: CVE-2002-2006
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Software From Fixed in
apache / tomcat 3.1 3.1.x
apache / tomcat 3.2.1 3.2.1.x
apache / tomcat 3.2.4 3.2.4.x
apache / tomcat 3.0 3.0.x
apache / tomcat 4.0.3 4.0.3.x
apache / tomcat 4.0.1 4.0.1.x
apache / tomcat 4.1.0 4.1.0.x
apache / tomcat 3.1.1 3.1.1.x
apache / tomcat 4.0.2 4.0.2.x
apache / tomcat 4.0.0 4.0.0.x
apache / tomcat 3.2.3 3.2.3.x
apache / tomcat 3.2 3.2.x
apache / tomcat 3.3.1 3.3.1.x
apache / tomcat 3.3 3.3.x