CVE-2000-0672 in Tomcat

Summary

by MITRE

The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.


Analysis

by VulDB Data Team • 10/13/2025

CVE-2000-0672 is a default-configuration flaw in the Jakarta Tomcat servlet container, affecting versions prior to 3.2.2. Tomcat shipped with an /admin context deployed and enabled, and the administrative servlets in that context performed no authentication or authorization check of their own. There was therefore nothing for an attacker to bypass: any remote client able to reach the HTTP port could invoke administrative functions directly through the web interface. That is what turns a convenience feature of the default installation into a path to unauthorized file access and, from there, to compromise of the host.

The administrative servlets in the /admin context implement context management: they let a caller register a new web application context by giving it a URL path and a document base on the filesystem. Because access to the context is unrestricted, an attacker can add a context whose document base is the root directory of the filesystem and give it an arbitrary URL path. Tomcat then serves that directory tree like any other web application, so a subsequent request for a file beneath the new path returns the contents of that file to the attacker. The defect is not in the servlets' own logic; they do exactly what they were designed to do, for a caller who should never have been allowed to reach them.

The operational impact is arbitrary file read with the privileges of the Tomcat process: configuration files, application source and deployment descriptors, database credentials embedded in them, and any other file the process account can open. Because the vulnerable component is reached over ordinary HTTP, exploitation needs nothing beyond a web browser and no prior credentials. Deployments that run Tomcat as root, or that expose the container port directly to the Internet rather than behind a hardened front end, are worst affected, since the readable set then includes system configuration and user data. Two points bound the damage: the attacker can only read what the Tomcat account can read, and what the advisory describes is read access. A practitioner should nevertheless assume that complete system compromise is reachable once credentials or keys have been disclosed this way.
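As an added illustration of how this exploitation pattern shows up in access logs (example code written for this page, not VulDB's or the Tomcat project's): one client reaches the /admin context, submits a form to it, and then pulls a sensitive file through a context that no operator deployed. The log lines are constructed, the Common Log Format and the POST target under /admin/ are assumptions (the page does not name the administrative servlet), and the allowlist and known-context set are placeholders.

```python
"""Detection logic for CVE-2000-0672-style abuse of Tomcat's /admin context.

Added example, not VulDB's or the Tomcat project's code. The access-log
lines are constructed in Common Log Format (an assumption; Tomcat 3.x's own
logger may differ) and the POST target under /admin/ is a placeholder, since
the page does not name the administrative servlet.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Set

CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Files that no web application context should ever serve.
SENSITIVE_RE = re.compile(r'/(etc/(passwd|shadow)|conf/server\.xml|WEB-INF/web\.xml)', re.I)

# Contexts deployed on purpose (assumption for the example).
KNOWN_CONTEXTS = {"/", "/examples", "/admin"}

# Constructed log: one client reaches /admin, submits the add-context form,
# then pulls /etc/passwd through a context that was never deployed by an operator.
LOG = """\
203.0.113.7 - - [20/Jul/2000:10:01:02 +0000] "GET /admin/ HTTP/1.0" 200 1342
203.0.113.7 - - [20/Jul/2000:10:01:31 +0000] "POST /admin/ HTTP/1.0" 200 410
203.0.113.7 - - [20/Jul/2000:10:01:45 +0000] "GET /x/etc/passwd HTTP/1.0" 200 1833
198.51.100.4 - - [20/Jul/2000:10:02:00 +0000] "GET /examples/servlets/index.html HTTP/1.0" 200 6003
"""


@dataclass
class Finding:
    ip: str
    severity: str
    reason: str
    path: str


def context_of(path: str) -> str:
    """First path segment is the Tomcat context path; a bare '/' is the ROOT context."""
    segments = path.split("?", 1)[0].split("/")
    return "/" + segments[1] if len(segments) > 1 and segments[1] else "/"


def analyse(log_text: str, admin_allow: Set[str]) -> List[Finding]:
    """Walk the log once, remembering which clients touched /admin so later file reads can be tied to them."""
    findings: List[Finding] = []
    touched_admin: Dict[str, bool] = {}
    for line in log_text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue  # not CLF; skip rather than guess
        ip, path, status = m["ip"], m["path"], int(m["status"])
        ctx = context_of(path)
        if ctx == "/admin" and ip not in admin_allow:
            touched_admin[ip] = True
            findings.append(Finding(ip, "medium", "admin context reached from a non-allowlisted address", path))
        if status == 200 and SENSITIVE_RE.search(path):
            prior = touched_admin.get(ip, False)
            reason = "sensitive file served" + (" after /admin access (CVE-2000-0672 pattern)" if prior else "")
            if ctx not in KNOWN_CONTEXTS:
                reason += f"; served from undeployed context {ctx}"
            findings.append(Finding(ip, "high" if prior else "medium", reason, path))
    return findings


if __name__ == "__main__":
    for f in analyse(LOG, admin_allow={"127.0.0.1"}):
        print(f"{f.severity:6} {f.ip:15} {f.path}  {f.reason}")
```

The correlation is the useful part: a single hit on /admin from an unexpected address is worth a look, but a 200 for a system file from a context that is not in the deployment inventory, from the same address, is the signature of a context having been added at runtime.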

Mitigation is a configuration matter. Remove the /admin context from the default server configuration on any server that does not need it; where it is needed, place it behind authentication and a role-based authorization constraint so that the administrative servlets cannot be invoked anonymously, which is the principle of least privilege applied to a management interface. Upgrading to a release that no longer ships the context unprotected resolves the issue at the source, and the context should in any case be reachable only from a management network rather than from the Internet. The wider lesson is that default installations should not expose administrative capability the operator did not explicitly turn on. In CWE terms this is a weakness in the application's security configuration, specifically inadequate access control. The vulnerability is also mapped to ATT&CK technique T1078 (Valid Accounts); no credentials are involved, but the default administrative access plays the role of a privileged account that an attacker can use to reach sensitive system resources.
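An added example, not the project's own code, of checking a context's web.xml for the protection this paragraph calls for: a weak descriptor with no constraint, a partial one whose constraint names only GET, and the hardened one, with an auditor that reports what is missing. The three descriptors are constructed, the servlet class name is a placeholder, and it is assumed that the Tomcat release in use honours the Servlet 2.2 security-constraint and login-config elements.

```python
"""Audit a Tomcat context's web.xml for an unprotected administrative interface.

Added example, not VulDB's or the Tomcat project's code. It checks the
Servlet 2.2 <security-constraint> and <login-config> elements; all three
descriptors below are constructed for the example, and the servlet class
name is a placeholder.
"""
import xml.etree.ElementTree as ET
from typing import List

# Weak: the admin servlet is mapped, but nothing in the descriptor asks for credentials.
WEAK_WEB_XML = """<?xml version="1.0"?>
<web-app>
  <servlet>
    <servlet-name>admin</servlet-name>
    <servlet-class>org.example.AdminServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>admin</servlet-name>
    <url-pattern>/servlet/admin</url-pattern>
  </servlet-mapping>
</web-app>
"""

# Partial: a constraint exists, but it names only GET, so a POST to the same URL is unconstrained.
PARTIAL_WEB_XML = WEAK_WEB_XML.replace("</web-app>", """
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Tomcat Admin</realm-name>
  </login-config>
</web-app>""")

# Hardened: drop the method list, so every path and every method requires the "admin" role.
HARDENED_WEB_XML = PARTIAL_WEB_XML.replace("      <http-method>GET</http-method>\n", "")


def audit_web_xml(xml_text: str) -> List[str]:
    """Return the problems found; an empty list means every request to the context must authenticate."""
    root = ET.fromstring(xml_text)
    # Later descriptor versions carry a namespace; strip it so the lookups below work for both.
    for el in root.iter():
        if isinstance(el.tag, str) and el.tag.startswith("{"):
            el.tag = el.tag.split("}", 1)[1]

    problems: List[str] = []
    constraints = root.findall("security-constraint")
    if not constraints:
        problems.append("no <security-constraint>: every servlet in the context is reachable unauthenticated")
    covers_all = False
    for sc in constraints:
        coll = sc.find("web-resource-collection")
        patterns = [p.text.strip() for p in coll.findall("url-pattern") if p.text] if coll is not None else []
        methods = [m.text.strip() for m in coll.findall("http-method") if m.text] if coll is not None else []
        # Per the Servlet spec, an absent <auth-constraint> means no authentication is required at all.
        if sc.find("auth-constraint") is None:
            problems.append(f"constraint on {patterns} has no <auth-constraint>: it protects nothing")
            continue
        # Listing methods narrows the constraint to those verbs; anything else goes through unchecked.
        if methods:
            problems.append(f"constraint on {patterns} only covers {methods}; other HTTP methods bypass it")
            continue
        if "/*" in patterns:
            covers_all = True
    if constraints and not covers_all:
        problems.append("no constraint requires authentication for url-pattern /* across all methods")
    if root.find("login-config/auth-method") is None:
        problems.append("no <login-config>: the container has no way to authenticate callers")
    return problems


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_WEB_XML), ("partial", PARTIAL_WEB_XML), ("hardened", HARDENED_WEB_XML)):
        print(name, audit_web_xml(doc) or "OK")
```

The hardened descriptor is only half of the fix: the container's user database must define the admin role and a user holding it, and BASIC authentication sends credentials in the clear unless the connection is TLS. Where the administrative context is not actually used, removing it from the server configuration beats protecting it.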

Disclosure

07/20/2000

Moderation

accepted

Entry

VDB-15785

CPE

ready

EPSS

0.09846

KEV

no

Activities

very low
