Published: 31/12/2002 Updated: 29/07/2017

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

VMScore: 785

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Tomcat 4.0 up to and including 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 up to and including 1.3.27, allows remote malicious users to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache http server 1.3.11
apache http server 1.3.12
apache http server 1.3.13
apache http server 1.3.14
apache http server 1.3.20
apache http server 1.3.22
apache tomcat 4.0.2
apache tomcat 4.0.3
apache tomcat 4.1.12
apache tomcat 4.1.2
apache http server 1.3
apache http server 1.3.0
apache http server 1.3.15
apache http server 1.3.16
apache http server 1.3.23
apache http server 1.3.24
apache tomcat 4.0.4
apache tomcat 4.0.5
apache tomcat 4.1.3
apache http server 1.3.19
apache http server 1.3.2
apache tomcat 4.0.0
apache tomcat 4.0.1
apache tomcat 4.1.1
apache tomcat 4.1.10
apache http server 1.3.1
apache http server 1.3.10
apache http server 1.3.17
apache http server 1.3.18
apache http server 1.3.25
apache http server 1.3.26
apache http server 1.3.27
apache tomcat 4.0.6
apache tomcat 4.1.0
apache tomcat 4.1.9

source: wwwsecurityfocuscom/bid/6320/info Apache Webserver and Tomcat are HTTP servers maintained and distributed by the Apache project Apache Webserver and Tomcat are available for the Unix, Linux, and Microsoft Windows platforms It has been reported that a denial of service exists in Apache Webserver and Tomcat when mod_jk is used D ...

CWE-119 http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html http://www.securityfocus.com/bid/6320 https://exchange.xforce.ibmcloud.com/vulnerabilities/10771 https://nvd.nist.gov https://www.exploit-db.com/exploits/22068/

CVE-2002-2272

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect