7.5
CVSSv2

CVE-2002-1394

CVSSv4: NA | CVSSv3: NA | CVSSv2: 7.5 | VMScore: 850 | EPSS: 0.0026 | KEV: Not Included
Published: 17/01/2003 Updated: 20/11/2024

Vulnerability Summary

Apache Tomcat 4.0.5 and previous versions, when using both the invoker servlet and the default servlet, allows remote malicious users to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 4.0.0

apache tomcat 4.0.1

apache tomcat 4.0.2

apache tomcat 4.0.3

apache tomcat 4.0.4

apache tomcat 4.0.5

apache tomcat 4.1.0

apache tomcat 4.1.3

apache tomcat 4.1.9

apache tomcat 4.1.10

References

NVD-CWE-Otherhttps://nvd.nist.govhttps://www.first.org/epsshttp://issues.apache.org/bugzilla/show_bug.cgi?id=13365http://marc.info/?l=bugtraq&m=103470282514938&w=2http://marc.info/?l=tomcat-dev&m=103417249325526&w=2http://www.debian.org/security/2003/dsa-225http://www.redhat.com/support/errata/RHSA-2003-075.htmlhttp://www.redhat.com/support/errata/RHSA-2003-082.htmlhttp://www.securityfocus.com/bid/6562https://exchange.xforce.ibmcloud.com/vulnerabilities/10376https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3Ehttp://issues.apache.org/bugzilla/show_bug.cgi?id=13365http://marc.info/?l=bugtraq&m=103470282514938&w=2http://marc.info/?l=tomcat-dev&m=103417249325526&w=2http://www.debian.org/security/2003/dsa-225http://www.redhat.com/support/errata/RHSA-2003-075.htmlhttp://www.redhat.com/support/errata/RHSA-2003-082.htmlhttp://www.securityfocus.com/bid/6562https://exchange.xforce.ibmcloud.com/vulnerabilities/10376https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E