CVE-2002-1394

EPSS 5.35%
Veröffentlicht 17.01.2003 05:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version4.0.0

Apache ≫ Tomcat Version4.0.1

Apache ≫ Tomcat Version4.0.2

Apache ≫ Tomcat Version4.0.3

Apache ≫ Tomcat Version4.0.4

Apache ≫ Tomcat Version4.0.5

Apache ≫ Tomcat Version4.1.0

Apache ≫ Tomcat Version4.1.3 Updatebeta

Apache ≫ Tomcat Version4.1.9 Updatebeta

Apache ≫ Tomcat Version4.1.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.35%	0.897

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

http://issues.apache.org/bugzilla/show_bug.cgi?id=13365

http://marc.info/?l=bugtraq&m=103470282514938&w=2

http://marc.info/?l=tomcat-dev&m=103417249325526&w=2

http://www.debian.org/security/2003/dsa-225

http://www.redhat.com/support/errata/RHSA-2003-075.html

http://www.redhat.com/support/errata/RHSA-2003-082.html

http://www.securityfocus.com/bid/6562

https://exchange.xforce.ibmcloud.com/vulnerabilities/10376

https://nvd.nist.gov/vuln/detail/CVE-2002-1394

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2002-1394

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2002-1394

EUVD