CVE-2002-1394 – org.apache.tomcat:tomcat
Package
Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: >=0 <4.0.6
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.05353 (percentile: 0.89706)
Details
Apache Tomcat Source Code Disclosure
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
Metadata
Created: 2022-04-30T18:21:05Z
Modified: 2024-02-12T19:58:01Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-8v5p-2cpv-c2x6/GHSA-8v5p-2cpv-c2x6.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-8v5p-2cpv-c2x6
Finding: F308
Auto approve: 1