Lucene search

[email protected]CVE-2002-1567

HistoryOct 06, 2003 - 4:00 a.m.

CVE-2002-1567

2003-10-0604:00:00

[email protected]

web.nvd.nist.gov

apache

tomcat

xss

vulnerability

remote attack

script execution

cookie theft

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.1 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.6%

JSON

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.

Affected configurations

NVD

Node

apachetomcatMatch4.1.0

CPENameOperatorVersion
apache:tomcatapache tomcateq4.1.0

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	4.1.0

References

archives.neohapsis.com/archives/vuln-dev/2002-q3/0482.html

tomcat.apache.org/security-4.html

lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.1 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.6%

JSON

Related for CVE-2002-1567

osv1 nvd1 github1 cvelist1 nessus1 tomcat1