CVE-2002-2272

Apache Tomcat 4.0-4.1.12 with mod_jk 1.2.1 - Denial of Service via Invalid Chunked Transfer-Encoding

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-2272. PoCs published by Sapient2003.

AI-analyzed exploit summary This Perl script exploits a denial of service vulnerability in Apache Webserver and Tomcat when using mod_jk. It sends a malicious chunked encoding request to desynchronize Apache and Tomcat, leading to a DoS condition.

Description

Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Sapient2003 · perldosunix
https://www.exploit-db.com/exploits/22068

This Perl script exploits a denial of service vulnerability in Apache Webserver and Tomcat when using mod_jk. It sends a malicious chunked encoding request to desynchronize Apache and Tomcat, leading to a DoS condition.

Classification
Working Poc 80%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Apache Webserver 1.3.x, Tomcat 4.x with mod_jk 1.2
No auth needed
Prerequisites: Target must be running Apache Webserver 1.3.x with mod_jk 1.2 and Tomcat 4.x · Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10771
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6320

Scores

EPSS 0.3089
EPSS Percentile 96.9%

Details

CWE
CWE-119
Status published
Products (36)
apache/http_server 1.3
apache/http_server 1.3.0
apache/http_server 1.3.1
apache/http_server 1.3.2
apache/http_server 1.3.10
apache/http_server 1.3.11
apache/http_server 1.3.12
apache/http_server 1.3.13
apache/http_server 1.3.14
apache/http_server 1.3.15
... and 26 more
Published Dec 31, 2002
Tracked Since Feb 18, 2026