7.8
HIGH

CVE-2002-2272

Published: 31/12/2002 Updated: 29/07/2017
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

Vulnerability Summary

Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Access Complexity: LOW
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Affected Products

Vendor | Product | Versions
Apache | Http Server | 1.3, 1.3.0, 1.3.1, 1.3.2, 1.3.10, 1.3.11, 1.3.12, 1.3.13, 1.3.14, 1.3.15, 1.3.16, 1.3.17, 1.3.18, 1.3.19, 1.3.20, 1.3.22, 1.3.23, 1.3.24, 1.3.25, 1.3.26, 1.3.27
Apache | Tomcat | 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.9, 4.1.10, 4.1.12
