PT-2002-2728 · Apache · Apache Tomcat

Published: 2002-12-31 · Updated: 2008-09-05 · CVE-2002-2007

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 3.2.3 through 3.2.4

Description

The issue allows remote attackers to obtain sensitive system information, such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in specific directories. Non-standard requests to the sample applications installed by default could result in unexpected directory listings or disclosure of the full file system path for a JSP.

Recommendations

For Apache Tomcat versions 3.2.3 and 3.2.4, consider restricting access to the test/jsp, samples/jsp, and examples/jsp directories, as well as the test/realPath.jsp servlet, to minimize the risk of exploitation. As a temporary workaround, consider disabling the sample applications installed by default until a patch is available.
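
To check whether the paths named in the recommendations are still reachable or being requested, an access log can be audited as in the following added example (not part of the original advisory or of Tomcat). It assumes Common Log Format and that the listed paths sit directly under the server root; the log lines are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Paths named in the advisory's recommendations (lower-cased for matching).
SAMPLE_DIRS = ("/test/jsp", "/samples/jsp", "/examples/jsp")
SAMPLE_FILES = ("/test/realpath.jsp",)

# Assumption: the server writes Common Log Format.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})\b')

def normalize(target):
    """Canonicalize a request target so odd spellings of a path still match."""
    path = target.split("?", 1)[0].split("#", 1)[0]   # drop query and fragment
    path = unquote(path).replace("\\", "/")           # decode one level of %xx
    # normpath resolves "." and ".." and collapses repeated slashes
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def is_sample_path(target):
    """True if the target falls inside one of the sample locations."""
    path = normalize(target)
    if path in SAMPLE_FILES:
        return True
    return any(path == d or path.startswith(d + "/") for d in SAMPLE_DIRS)

def audit(lines):
    """Return (client, raw target, status) for each request to a sample path."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if m and is_sample_path(m.group(3)):
            hits.append((m.group(1), m.group(3), int(m.group(4))))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1024',
    '192.0.2.11 - - [01/Jan/2003:10:00:05 +0000] "GET /examples/jsp/ HTTP/1.0" 200 2310',
    '192.0.2.11 - - [01/Jan/2003:10:00:09 +0000] "GET /test/realPath.jsp HTTP/1.0" 200 512',
    '192.0.2.12 - - [01/Jan/2003:10:01:00 +0000] "GET /docs/../samples/%6Asp/x.jsp?a=1 HTTP/1.0" 404 0',
    '192.0.2.13 - - [01/Jan/2003:10:02:00 +0000] "GET /examples/jspdocs/a.html HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for client, target, status in audit(SAMPLE_LOG):
        print(client, status, target)
```

A 200 status on any flagged line means the sample application is still being served to that client; once access is restricted or the samples are disabled, the same requests should show an error status.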


Related identifiers

CVE-2002-2007

Affected products

Apache Tomcat