Lucene search

GitHub Advisory DatabaseGHSA-P543-JG43-9PM5

HistoryApr 30, 2022 - 6:19 p.m.

Apache Tomcat may be started without proper security settings

2022-04-3018:19:20

CWE-276

GitHub Advisory Database

github.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.3%

JSON

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Affected configurations

Vulners

Node

org.apache.tomcat\Matchtomcat

CPENameOperatorVersion
org.apache.tomcat:tomcatlt4.0b7

CPE	Name	Operator	Version
	org.apache.tomcat:tomcat	lt	4.0b7

References

marc.info/?l=bugtraq&m=101709002410365&w=2

github.com/advisories/GHSA-p543-jg43-9pm5

lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

nvd.nist.gov/vuln/detail/CVE-2002-0493

web.archive.org/web/20020903071650/www.iss.net/security_center/static/9863.php

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.3%

JSON

Related for GHSA-P543-JG43-9PM5