Vulnerability Description
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | <= 3.3.2 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=101709002410365&w=2Mailing List
- http://www.apachelabs.org/tomcat-dev/200108.mbox/%3C20010810000819.6350.qmail%40
- http://www.iss.net/security_center/static/9863.phpThird Party Advisory
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bd
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846
- http://marc.info/?l=bugtraq&m=101709002410365&w=2Mailing List
- http://www.apachelabs.org/tomcat-dev/200108.mbox/%3C20010810000819.6350.qmail%40
- http://www.iss.net/security_center/static/9863.phpThird Party Advisory
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bd
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846
FAQ
What is CVE-2002-0493?
CVE-2002-0493 is a vulnerability with a CVSS score of 7.5 (HIGH). Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
How severe is CVE-2002-0493?
CVE-2002-0493 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0493?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.