5

CVE-2002-1148

Exploit
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Version3.0
ApacheTomcat Version3.1
ApacheTomcat Version3.1.1
ApacheTomcat Version3.2
ApacheTomcat Version3.2.1
ApacheTomcat Version3.2.2 Updatebeta2
ApacheTomcat Version3.2.3
ApacheTomcat Version3.2.4
ApacheTomcat Version3.3
ApacheTomcat Version3.3.1
ApacheTomcat Version4.0.0
ApacheTomcat Version4.0.1
ApacheTomcat Version4.0.2
ApacheTomcat Version4.0.3
ApacheTomcat Version4.0.4
ApacheTomcat Version4.1.0
ApacheTomcat Version4.1.3 Updatebeta
ApacheTomcat Version4.1.9 Updatebeta
ApacheTomcat Version4.1.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 16.82% 0.966
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
http://marc.info/?l=bugtraq&m=103288242014253&w=2
http://online.securityfocus.com/advisories/4758
http://www.debian.org/security/2002/dsa-170
http://www.iss.net/security_center/static/10175.php
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2002-217.html
http://www.redhat.com/support/errata/RHSA-2002-218.html
http://www.securityfocus.com/bid/5786
Patch
Vendor Advisory
Exploit