Lucene search

MitreCVE-2002-2272

HistoryOct 18, 2007 - 10:00 a.m.

CVE-2002-2272

2007-10-1810:00:00

CWE-119

mitre

web.nvd.nist.gov

235

tomcat

apache

mod_jk

denial of service

dos

cve-2002-2272

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

6.7

Confidence

High

EPSS

0.015

Percentile

87.3%

JSON

Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.

Affected configurations

Nvd

Node

apachehttp_serverMatch1.3

apachehttp_serverMatch1.3.0

apachehttp_serverMatch1.3.1

apachehttp_serverMatch1.3.2

apachehttp_serverMatch1.3.10

apachehttp_serverMatch1.3.11

apachehttp_serverMatch1.3.12

apachehttp_serverMatch1.3.13

apachehttp_serverMatch1.3.14

apachehttp_serverMatch1.3.15

apachehttp_serverMatch1.3.16

apachehttp_serverMatch1.3.17

apachehttp_serverMatch1.3.18

apachehttp_serverMatch1.3.19

apachehttp_serverMatch1.3.20

apachehttp_serverMatch1.3.22

apachehttp_serverMatch1.3.23

apachehttp_serverMatch1.3.24

apachehttp_serverMatch1.3.25

apachehttp_serverMatch1.3.26

apachehttp_serverMatch1.3.27

apachetomcatMatch4.0.0

apachetomcatMatch4.0.1

apachetomcatMatch4.0.2

apachetomcatMatch4.0.3

apachetomcatMatch4.0.4

apachetomcatMatch4.0.5

apachetomcatMatch4.0.6

apachetomcatMatch4.1.0

apachetomcatMatch4.1.1

apachetomcatMatch4.1.2

apachetomcatMatch4.1.3

apachetomcatMatch4.1.3beta

apachetomcatMatch4.1.9beta

apachetomcatMatch4.1.10

apachetomcatMatch4.1.12

VendorProductVersionCPE
apachehttp_server1.3cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
apachehttp_server1.3.0cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*
apachehttp_server1.3.1cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
apachehttp_server1.3.2cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*
apachehttp_server1.3.10cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*
apachehttp_server1.3.11cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
apachehttp_server1.3.12cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
apachehttp_server1.3.13cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*
apachehttp_server1.3.14cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
apachehttp_server1.3.15cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	http_server	1.3	cpe:2.3:a:apache:http_server:1.3:::::::*
apache	http_server	1.3.0	cpe:2.3:a:apache:http_server:1.3.0:::::::*
apache	http_server	1.3.1	cpe:2.3:a:apache:http_server:1.3.1:::::::*
apache	http_server	1.3.2	cpe:2.3:a:apache:http_server:1.3.2:::::::*
apache	http_server	1.3.10	cpe:2.3:a:apache:http_server:1.3.10:::::::*
apache	http_server	1.3.11	cpe:2.3:a:apache:http_server:1.3.11:::::::*
apache	http_server	1.3.12	cpe:2.3:a:apache:http_server:1.3.12:::::::*
apache	http_server	1.3.13	cpe:2.3:a:apache:http_server:1.3.13:::::::*
apache	http_server	1.3.14	cpe:2.3:a:apache:http_server:1.3.14:::::::*
apache	http_server	1.3.15	cpe:2.3:a:apache:http_server:1.3.15:::::::*