PT-2000-1691 · Apache · Jakarta Tomcat

Published: 2000-10-20 · Updated: 2022-04-30 · CVE-2000-0759

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Jakarta Tomcat version 3.1

Description

Requesting a non-existent JSP page makes the server return an error page that includes the full file system path of the current context. A remote attacker can therefore obtain physical path information by requesting a non-existent URL.

Recommendations

For Jakarta Tomcat version 3.1, consider configuring the server to handle errors in a way that does not reveal sensitive path information, such as by creating a custom error page. As a temporary workaround, restrict access to non-existent URLs to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2000-0759
GHSA-QG4G-6JCQ-RW93

Affected Products

Apache Tomcat
Jakarta Tomcat