CVE-2002-2009 — MEDIUM (5.0)

Q: What is CVE-2002-2009?

CVE-2002-2009 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.

Q: How severe is CVE-2002-2009?

CVE-2002-2009 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2002-2009?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.

Vulnerability Description

Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Tomcat	4.0.1

References

http://tomcat.apache.org/security-4.html
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0286.htmlExploitVendor Advisory
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0297.html
http://www.securityfocus.com/bid/4557
https://exchange.xforce.ibmcloud.com/vulnerabilities/42915
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bd
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846
http://tomcat.apache.org/security-4.html
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0286.htmlExploitVendor Advisory
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0297.html
http://www.securityfocus.com/bid/4557
https://exchange.xforce.ibmcloud.com/vulnerabilities/42915
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bd
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c

FAQ

What is CVE-2002-2009?

CVE-2002-2009 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.

How severe is CVE-2002-2009?

CVE-2002-2009 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2002-2009?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.