7.8
HIGH

CVE-2002-2272

Published: 31/12/2002 Updated: 29/07/2017
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

Vulnerability Summary

Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Access Complexity: LOW
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Affected Products

Vendor | Product | Versions
Apache | Http Server | 1.3, 1.3.0, 1.3.1, 1.3.2, 1.3.10, 1.3.11, 1.3.12, 1.3.13, 1.3.14, 1.3.15, 1.3.16, 1.3.17, 1.3.18, 1.3.19, 1.3.20, 1.3.22, 1.3.23, 1.3.24, 1.3.25, 1.3.26, 1.3.27
Apache | Tomcat | 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.9, 4.1.10, 4.1.12

Exploits

source: www.securityfocus.com/bid/6320/info

Apache Webserver and Tomcat are HTTP servers maintained and distributed by the Apache project. Apache Webserver and Tomcat are available for the Unix, Linux, and Microsoft Windows platforms. It has been reported that a denial of service exists in Apache Webserver and Tomcat when mod_jk is used. D ...
