CVE-2000-0672

Name of the Vulnerable Software and Affected Versions Jakarta Tomcat (affected versions not specified)

Description The issue concerns the default configuration of Jakarta Tomcat, where access to the /admin context is not restricted. This allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory. Specifically, the admin context is not protected, enabling an attacker to mount an arbitrary file system path as a context. As a result, any files accessible from this file system path to the account under which Tomcat is running are then visible to the attacker.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.