CVE-2002-0493Incorrect Default Permissions in Apache Tomcat

CWE-254CWE-276Incorrect Default Permissions4 documents4 sources
Severity
7.5HIGHNVD
EPSS
1.4%
top 19.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Tomcat
Timeline
PublishedAug 12
Latest updateApr 30

Description

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDapache/tomcat3.3.2

🔴Vulnerability Details

3
GHSA
Apache Tomcat may be started without proper security settings2022-04-30
OSV
Apache Tomcat may be started without proper security settings2022-04-30
CVEList
CVE-2002-0493: Apache Tomcat may be started without proper security settings if errors are encountered while reading the web2003-04-02
CVE-2002-0493 — Incorrect Default Permissions in Apache | cvebase