CVE-2002-1394

high

Description

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

References

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

https://exchange.xforce.ibmcloud.com/vulnerabilities/10376

http://www.securityfocus.com/bid/6562

http://www.redhat.com/support/errata/RHSA-2003-082.html

http://www.redhat.com/support/errata/RHSA-2003-075.html

http://www.debian.org/security/2003/dsa-225

http://marc.info/?l=tomcat-dev&m=103417249325526&w=2

http://marc.info/?l=bugtraq&m=103470282514938&w=2

http://issues.apache.org/bugzilla/show_bug.cgi?id=13365

Details

Source: Mitre, NVD

Published: 2003-01-17

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3