Vulnerability Description
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 4.0.0 |
References
- http://issues.apache.org/bugzilla/show_bug.cgi?id=13365
- http://marc.info/?l=bugtraq&m=103470282514938&w=2
- http://marc.info/?l=tomcat-dev&m=103417249325526&w=2
- http://www.debian.org/security/2003/dsa-225
- http://www.redhat.com/support/errata/RHSA-2003-075.html
- http://www.redhat.com/support/errata/RHSA-2003-082.html
- http://www.securityfocus.com/bid/6562
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10376
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bd
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846
- http://issues.apache.org/bugzilla/show_bug.cgi?id=13365
- http://marc.info/?l=bugtraq&m=103470282514938&w=2
- http://marc.info/?l=tomcat-dev&m=103417249325526&w=2
- http://www.debian.org/security/2003/dsa-225
FAQ
What is CVE-2002-1394?
CVE-2002-1394 is a vulnerability with a CVSS score of 7.5 (HIGH). Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of C...
How severe is CVE-2002-1394?
CVE-2002-1394 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1394?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.