CVE-2002-1394

Apache Tomcat <4.0.5 - Info Disclosure

Title source: llm
STIX 2.1

Description

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

References (11)

Core 11
Core References
Mailing List vendor-advisory x_refsource_gentoo
http://marc.info/?l=bugtraq&m=103470282514938&w=2
Mailing List x_refsource_confirm
http://marc.info/?l=tomcat-dev&m=103417249325526&w=2
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-225
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-075.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6562
Various Sources x_refsource_confirm
http://issues.apache.org/bugzilla/show_bug.cgi?id=13365
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-082.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10376

Scores

EPSS 0.0525
EPSS Percentile 91.6%

Details

Status published
Products (11)
apache/tomcat 4.0.0
apache/tomcat 4.0.1
apache/tomcat 4.0.2
apache/tomcat 4.0.3
apache/tomcat 4.0.4
apache/tomcat 4.0.5
apache/tomcat 4.1.0
apache/tomcat 4.1.3 beta
apache/tomcat 4.1.9 beta
apache/tomcat 4.1.10
... and 1 more
Published Jan 17, 2003
Tracked Since Feb 18, 2026