Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0682Cross-site Scripting in Apache Tomcat

5 documents4 sources
Severity
7.5HIGHNVD
EPSS
83.1%
top 0.74%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Tomcat
Timeline
PublishedJul 23
Latest updateApr 30

Description

Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDapache/tomcat4.0.3

Patches

Patch: archives.neohapsis.comPatch: archives.neohapsis.com

🔴Vulnerability Details

2
GHSA
GHSA-jjxj-xvcp-cxv8: Cross-site scripting vulnerability in Apache Tomcat 42022-04-30
CVEList
CVE-2002-0682: Cross-site scripting vulnerability in Apache Tomcat 42004-09-01

💥Exploits & PoCs

2
Exploit-DB
Comersus Open Technologies Comersus 5.0 - 'comersus_gatewayPayPal.asp' Price Manipulation2004-07-07
Exploit-DB
Apache Tomcat 4.0.3 - Servlet Mapping Cross-Site Scripting2002-07-10
CVE-2002-0682 — Cross-site Scripting in Apache Tomcat | cvebase