CVE-2002-0682

Apache Tomcat 4.0.3 - Cross-Site Scripting via Servlet Exception Handling

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0682. PoCs published by Matt Moore.

AI-analyzed exploit summary This is a writeup describing a cross-site scripting (XSS) vulnerability in Apache Tomcat 4.0.3. The vulnerability allows an attacker to inject malicious scripts via specific servlet paths, leading to XSS attacks.

Description

Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Matt Moore · textremotelinux
https://www.exploit-db.com/exploits/21604

This is a writeup describing a cross-site scripting (XSS) vulnerability in Apache Tomcat 4.0.3. The vulnerability allows an attacker to inject malicious scripts via specific servlet paths, leading to XSS attacks.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Apache Tomcat 4.0.3
No auth needed
Prerequisites: Servlet mapping enabled on the target Tomcat server
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/4973
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/9520
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5193
Patch, Vendor Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0014.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102631703811297&w=2

Scores

EPSS 0.1224
EPSS Percentile 95.7%

Details

Status published
Products (1)
apache/tomcat 4.0.3
Published Jul 23, 2002
Tracked Since Feb 18, 2026