CVE-2000-0759: Jakarta Apache Tomcat Reveals Physical Paths

CVSS Score: N/A

Basic Information

EPSS Score: 0.97166%
Published: 4/30/2022
Updated: 9/18/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: -

Package Name             | Ecosystem | Vulnerable Versions | First Patched Version
org.apache.tomcat:tomcat | maven     | <= 3.1              | -

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from Tomcat's error handling exposing physical paths in error messages. In Tomcat's architecture the DefaultServlet serves static resources. When a client requested a resource that did not exist, the servlet raised an exception whose message carried the resolved filesystem path, and that message was copied into the 404 response body, so a remote, unauthenticated client could learn the server's installation or webroot path from any request for a URL that does not exist. The exact Tomcat 3.1 source was not available for this analysis; the attribution rests on the CVE description, which matches this pattern, and on the fact that reflecting exception text into error pages is a common disclosure pattern in Java servlet implementations. Confidence is rated high because the DefaultServlet is the canonical component that serves resources and generates 404 errors in Tomcat. On its own the disclosure is informational; its value to an attacker is in chaining, since a known absolute path simplifies later file-read, traversal or upload attempts.
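The pattern described above, as an added example that is not Tomcat's code and not part of the original page: a Python stand-in for a static-resource handler in its leaky form (exception text, absolute path included, copied into the 404 body) next to a hardened form (detail goes to the server log, the client gets only the escaped request path), plus the response check a tester or WAF author would run against a non-existent URL. The webroot, the set of "existing" files and the path-matching regex are constructed assumptions for the example.

```python
import html
import re

# Constructed example webroot; an assumption, not a path taken from the advisory.
WEBROOT = "/usr/local/jakarta-tomcat-3.1/webapps/ROOT"

# Constructed set of request paths that "exist", so the example runs without a filesystem.
EXISTING = {"/index.html", "/docs/readme.txt"}

# Server-side log for the hardened handler (a list so the example is self-contained).
SERVER_LOG = []


def _open_resource(request_path):
    """Stand-in for the static-resource lookup. Like a typical file I/O exception,
    the error message carries the resolved absolute filesystem path."""
    fs_path = f"{WEBROOT}/{request_path.lstrip('/')}"
    if request_path not in EXISTING:
        raise FileNotFoundError(f"{fs_path} (No such file or directory)")
    return fs_path


def vulnerable_404(request_path):
    """Leaky pattern: the exception text, absolute path included, is copied into the 404 body."""
    try:
        _open_resource(request_path)
        return 200, f"<html>served {html.escape(request_path)}</html>"
    except FileNotFoundError as exc:
        return 404, f"<html><h1>404 Not Found</h1><pre>{exc}</pre></html>"


def hardened_404(request_path):
    """Fix: keep the exception detail server-side; the client sees only the escaped request path."""
    try:
        _open_resource(request_path)
        return 200, f"<html>served {html.escape(request_path)}</html>"
    except FileNotFoundError as exc:
        SERVER_LOG.append(f"404 {request_path}: {exc}")
        return 404, (
            "<html><h1>404 Not Found</h1>"
            f"<p>The requested resource {html.escape(request_path)} is not available.</p></html>"
        )


# Heuristic for an absolute server-side path in a response body: a Unix path under a
# common install/webroot prefix, or a Windows drive-letter path. Tune the prefixes
# to the deployment you are testing.
PATH_LEAK = re.compile(r"(?:/(?:usr|opt|var|home|srv)/[\w./-]+|[A-Za-z]:\\[\w\\.-]+)")


def leaked_paths(body, request_path):
    """Filesystem-looking strings in `body`, excluding a plain echo of the request path
    (otherwise a request for /var/anything would look like a leak in a clean response)."""
    return [m for m in PATH_LEAK.findall(body) if m != request_path]


def check_handler(handler, request_path):
    """Request a non-existent path and report (status, leaked physical paths)."""
    status, body = handler(request_path)
    return status, leaked_paths(body, request_path)


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_404), ("hardened", hardened_404)):
        status, leaks = check_handler(handler, "/nosuch.jsp")
        print(f"{name}: status={status} leaked={leaks}")
```

Against a live server the same `leaked_paths` check runs over the body of an HTTP 404 for a random non-existent URL; a match that is not simply the request path echoed back is the disclosure this CVE describes. The regex is a heuristic, so treat hits as candidates to confirm by hand rather than as proof.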

WAF Protection Rules

WAF Rule

Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
