CVE-2002-1394

2004-09-0104:00:00

[email protected]

web.nvd.nist.gov

apache tomcat

remote attackers

server source code

vulnerability

cve-2002-1394

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

Affected configurations

NVD

Node

apachetomcatMatch4.0.0

apachetomcatMatch4.0.1

apachetomcatMatch4.0.2

apachetomcatMatch4.0.3

apachetomcatMatch4.0.4

apachetomcatMatch4.0.5

apachetomcatMatch4.1.0

apachetomcatMatch4.1.3beta

apachetomcatMatch4.1.9beta

apachetomcatMatch4.1.10

CPENameOperatorVersion
apache:tomcatapache tomcateq4.0.0
apache:tomcatapache tomcateq4.0.1
apache:tomcatapache tomcateq4.0.2
apache:tomcatapache tomcateq4.0.3
apache:tomcatapache tomcateq4.0.4
apache:tomcatapache tomcateq4.0.5
apache:tomcatapache tomcateq4.1.0
apache:tomcatapache tomcateq4.1.3
apache:tomcatapache tomcateq4.1.9
apache:tomcatapache tomcateq4.1.10

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	4.0.0
apache:tomcat	apache tomcat	eq	4.0.1
apache:tomcat	apache tomcat	eq	4.0.2
apache:tomcat	apache tomcat	eq	4.0.3
apache:tomcat	apache tomcat	eq	4.0.4
apache:tomcat	apache tomcat	eq	4.0.5
apache:tomcat	apache tomcat	eq	4.1.0
apache:tomcat	apache tomcat	eq	4.1.3
apache:tomcat	apache tomcat	eq	4.1.9
apache:tomcat	apache tomcat	eq	4.1.10