CVE-2002-2009

Apache Tomcat 4.0.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.

Scores

EPSS 0.0731
EPSS Percentile 93.7%

Details

Status published
Products (2)
apache/tomcat 4.0.1
org.apache.tomcat/tomcat 4.0.0Maven
Published Dec 31, 2002
Tracked Since Feb 18, 2026