
CVE-2002-2272

Published: 31/12/2002 Updated: 29/07/2017
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 785
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote malicious users to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.

Affected Products

Vendor | Product | Versions
Apache | Http Server | 1.3, 1.3.0, 1.3.1, 1.3.2, 1.3.10, 1.3.11, 1.3.12, 1.3.13, 1.3.14, 1.3.15, 1.3.16, 1.3.17, 1.3.18, 1.3.19, 1.3.20, 1.3.22, 1.3.23, 1.3.24, 1.3.25, 1.3.26, 1.3.27
Apache | Tomcat | 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.9, 4.1.10, 4.1.12

Exploits

source: www.securityfocus.com/bid/6320/info

Apache Webserver and Tomcat are HTTP servers maintained and distributed by the Apache project. Apache Webserver and Tomcat are available for the Unix, Linux, and Microsoft Windows platforms. It has been reported that a denial of service exists in Apache Webserver and Tomcat when mod_jk is used. D ...