CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.007 Low (Percentile: 80.6%)

Moderate: Cross-site scripting CVE-2002-1567
The unmodified requested URL is included in the 404 response header. Newline characters in this URL appear to the client to be the end of the header section. The remaining part of the URL, including any script elements, is then treated as part of the response body, and the client executes the script. Tomcat now replaces potentially unsafe characters in the response headers with spaces.
Affects: 4.1.0-4.1.28
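
The header/body split described above, and the effect of replacing unsafe characters with spaces, as an added illustration that is not Tomcat's code. The header name `X-Requested-URL`, the sample URL with its harmless marker, and the reading of "potentially unsafe" as control characters other than tab are assumptions made for this example.

```python
CRLF = "\r\n"

# Constructed sample: a decoded request path carrying two line breaks
# followed by a harmless marker standing in for attacker-supplied markup.
MARKER = "<b>INJECTED-MARKER</b>"
SAMPLE_URL = "/missing" + CRLF + CRLF + MARKER
ERROR_BODY = "<html><body>Not found</body></html>"


def sanitize_header_value(value):
    """Replace control characters (CR and LF included) with spaces.

    Assumption: 'potentially unsafe' is taken here to mean control
    characters other than horizontal tab.
    """
    return "".join(
        " " if (ord(ch) < 0x20 and ch != "\t") or ord(ch) == 0x7F else ch
        for ch in value
    )


def build_404(requested_url, sanitize):
    """Build a raw 404 response that echoes the URL in a header.

    X-Requested-URL is a hypothetical header name used for illustration.
    """
    value = sanitize_header_value(requested_url) if sanitize else requested_url
    head = [
        "HTTP/1.1 404 Not Found",
        "Content-Type: text/html",
        "X-Requested-URL: " + value,
    ]
    return CRLF.join(head) + CRLF + CRLF + ERROR_BODY


def client_view(raw):
    """Parse as a client does: the first blank line ends the headers."""
    head, _, body = raw.partition(CRLF + CRLF)
    headers = {}
    for line in head.split(CRLF)[1:]:  # skip the status line
        name, _, val = line.partition(":")
        headers[name.strip()] = val.strip()
    return headers, body


if __name__ == "__main__":
    for sanitize in (False, True):
        headers, body = client_view(build_404(SAMPLE_URL, sanitize))
        print("sanitized" if sanitize else "unsanitized", "->", repr(body[:30]))
```

Without sanitizing, the client's view of the body begins with the marker taken from the URL. With sanitizing, the marker stays inside the header value and the body is only the server's error page.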
CPE

Name | Operator | Version |
---|---|---|
apache tomcat | ge | 4.1.0 |
apache tomcat | le | 4.1.28 |