https://tomcat.apache.org/security-4.html#Fixed_in_Apache_Tomcat_4.1.0
or https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006 "The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets. " Dan ----- Original Message ----- > I found this information here > http://www.westpoint.ltd.uk/example-reports/samplereport_westpoint/files/detail_493213.htm > > > I don't see anything about affected versions. > > -Geet > > On Tue, Mar 27, 2012 at 7:20 PM, Mark Thomas <ma...@apache.org> > wrote: > > > On 27/03/2012 14:38, Geet Chandra wrote: > > > Using Tomcat version 6.0.35 > > > > In which case go back and read the vulnerability information again > > and > > pay more attention to the part about affected versions. > > > > You should also read the Tomcat security pages. > > > > Mark > > > > > > > > > > -Geet > > > > > > On Tue, Mar 27, 2012 at 7:02 PM, Mark Thomas <ma...@apache.org> > > > wrote: > > > > > >> On 27/03/2012 14:29, Geet Chandra wrote: > > >>> Here is the CVE Reference:CVE-2002-2006 > > >> > > >> And the Tomcat version you are using? > > >> > > >> Mark > > >> > > >>> > > >>> On Tue, Mar 27, 2012 at 6:51 PM, Mark Thomas <ma...@apache.org> > > >>> wrote: > > >>> > > >>>> On 27/03/2012 14:18, Geet Chandra wrote: > > >>>>> Hi All, > > >>>>> > > >>>>> Is there any solution or workaround for protection against > > >>>>> this > > >> security > > >>>>> vulnerability. > > >>>> > > >>>> What security vulnerability is this? Every published Tomcat > > >>>> security > > >>>> vulnerability has a CVE reference to uniquely identify it. > > >>>> What is the > > >>>> CVE reference for this issue? > > >>>> > > >>>> Mark > > >>>> > > >>>> --------------------------------------------------------------------- > > >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > >>>> For additional commands, e-mail: users-h...@tomcat.apache.org > > >>>> > > >>>> > > >>> > > >>> > > >> > > >> > > >> --------------------------------------------------------------------- > > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > >> For additional commands, e-mail: users-h...@tomcat.apache.org > > >> > > >> > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > > > -- > Thanks & Regards > Geet > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
