CVE-2002-1567

Apache Tomcat 4.1.0-4.1.28 - Cross-Site Scripting via Encoded Newlines in JSP Filename

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1567. PoCs published by Skinnay.

AI-analyzed exploit summary: The provided text describes a cross-site scripting (XSS) vulnerability in Jakarta Tomcat where malicious script code embedded in a URI can be executed when requesting a JSP file. The example URI demonstrates how an attacker could inject JavaScript code into the response.

Description

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.

Exploits (1)

exploitdb · WRITEUP · VERIFIED
by Skinnay · text · remote · unix
https://www.exploit-db.com/exploits/21734


Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: Jakarta Tomcat (versions not specified)
No auth needed
Prerequisites: A vulnerable version of Jakarta Tomcat · Ability to craft a malicious URI
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.4166
EPSS Percentile 97.5%

Details

Status published
Products (2)
apache/tomcat 4.1.0
org.apache.tomcat/tomcat 4.1.0 - 4.1.29 (Maven)
Published Oct 06, 2003
Tracked Since Feb 18, 2026