CVE-2002-1148
Apache Tomcat < 4.0.5 - Unauthenticated Arbitrary File Read via Default Servlet
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2002-1148. PoCs published by Rossen Raykov.
AI-analyzed exploit summary
This is a writeup describing an information disclosure vulnerability in Apache Tomcat's DefaultServlet, allowing unauthorized access to JSP source code and sensitive data within the webroot.
Description
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Rossen Raykov · text · remote · unix
https://www.exploit-db.com/exploits/21853
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
Apache Tomcat (versions with DefaultServlet)
No auth needed
Prerequisites:
Apache Tomcat with DefaultServlet enabled · Access to the target web server
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
References (10)
Core References
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5786
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-217.html
Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10175.php
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-218.html
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103288242014253&w=2
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2002/dsa-170
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_hp
http://online.securityfocus.com/advisories/4758
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
Scores
EPSS
0.6727
EPSS Percentile
98.6%
Details
Status
published
Products (20)
apache/tomcat 3.0
apache/tomcat 3.1
apache/tomcat 3.1.1
apache/tomcat 3.2
apache/tomcat 3.2.1
apache/tomcat 3.2.2 beta2
apache/tomcat 3.2.3
apache/tomcat 3.2.4
apache/tomcat 3.3
apache/tomcat 3.3.1
... and 10 more
Published
Oct 11, 2002
Tracked Since
Feb 18, 2026