CVE-2002-1394

Published: Jan 17, 2003Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

Affected (10)

Products: Apache: Tomcat

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Apache Tomcat	Version 4.0.0
Apache Tomcat	Version 4.0.1
Apache Tomcat	Version 4.0.2
Apache Tomcat	Version 4.0.3
Apache Tomcat	Version 4.0.4
Apache Tomcat	Version 4.0.5
Apache Tomcat	Version 4.1.0
Apache Tomcat	Version 4.1.10
Apache Tomcat	Version 4.1.3 beta
Apache Tomcat	Version 4.1.9 beta

References (22)

http://issues.apache.org/bugzilla/show_bug.cgi?id=13365

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=103470282514938&w=2

Source: cve@mitre.org

http://marc.info/?l=tomcat-dev&m=103417249325526&w=2

Source: cve@mitre.org

http://www.debian.org/security/2003/dsa-225

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2003-075.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2003-082.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/6562

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/10376

Source: cve@mitre.org

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Source: cve@mitre.org

http://issues.apache.org/bugzilla/show_bug.cgi?id=13365

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=103470282514938&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=tomcat-dev&m=103417249325526&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2003/dsa-225

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2003-075.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2003-082.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/6562

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/10376

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.