CVE-2002-0682
published 2002-07-23

CVE-2002-0682: Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/…

Priority P428 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 12.24% (95.7th percentile)
Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| apache | tomcat  |               |          |

Detection & IOCs (extracted from sources)

url: tomcat-server/servlet/org.apache.catalina.servlets.WebdavStatus/alert(document.domain)
url: tomcat-server/servlet/org.apache.catalina.ContainerServlet/alert(document.domain)
url: tomcat-server/servlet/org.apache.catalina.Context/alert(document.domain)
  • Detect XSS exploitation attempts against Apache Tomcat 4.0.3 by monitoring HTTP requests containing the /servlet/ path mapping combined with script payloads (e.g., alert(...)) appended after a fully-qualified class name. These requests exploit exception-throwing behavior to reflect unsanitized input.
  • Flag HTTP requests matching the pattern: /servlet/<org.apache.catalina.*>/<script_payload> — the class name segment triggers an exception and the trailing payload is reflected unfiltered in the response.
  • The vulnerability is specific to Apache Tomcat version 4.0.3 on both Microsoft Windows and Linux platforms. Servlet mapping must be enabled for the attack surface to exist.
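
The request pattern described in the bullets above can be checked against web server access logs. The following is an added example, not part of the original entry or of any vendor tooling: it assumes Common Log Format input, uses a heuristic list of script markers chosen for illustration, and runs on constructed sample log lines.

```python
import re
from urllib.parse import unquote

# /servlet/<fully-qualified org.apache.catalina class>/<trailing segment>
SERVLET_RE = re.compile(r"/servlet/(org\.apache\.catalina(?:\.\w+)+)/(.+)", re.I)
# Script-like markers in the trailing segment (assumed heuristic, tune per site)
SCRIPT_RE = re.compile(
    r"[<>\"']|\b(?:alert|eval|prompt|confirm)\s*\(|javascript:|document\.", re.I)
# Request line inside a Common Log Format entry
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_path(raw, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised before matching."""
    for _ in range(max_rounds):
        decoded = unquote(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw

def check_line(line):
    """Return (class_name, trailing_segment) when the line matches, else None."""
    req = REQUEST_RE.search(line)
    if not req:
        return None
    hit = SERVLET_RE.search(decode_path(req.group(1)))
    if hit and SCRIPT_RE.search(hit.group(2)):
        return hit.group(1), hit.group(2)
    return None

def scan(lines):
    """Return (line_number, class_name, trailing_segment) for every flagged line."""
    return [(n, *hit) for n, line in enumerate(lines, 1) if (hit := check_line(line))]

# Constructed sample log lines (documentation IP range, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Jul/2002:10:00:01 +0000] "GET /servlet/org.apache.catalina.'
    'ContainerServlet/alert(document.domain) HTTP/1.0" 500 1024',
    '192.0.2.11 - - [23/Jul/2002:10:00:02 +0000] "GET /servlet/org.apache.catalina.'
    'servlets.WebdavStatus/alert%28document.domain%29 HTTP/1.0" 500 1100',
    '192.0.2.12 - - [23/Jul/2002:10:00:03 +0000] "GET /servlet/SnoopServlet HTTP/1.0" 200 512',
    '192.0.2.13 - - [23/Jul/2002:10:00:04 +0000] "GET /servlet/org.apache.catalina.'
    'Context/info HTTP/1.0" 500 900',
]

if __name__ == "__main__":
    for n, cls, trailing in scan(SAMPLE_LOG):
        print(f"line {n}: class={cls} trailing={trailing!r}")
```

Lines 3 and 4 of the sample are not flagged: one has no `org.apache.catalina` class segment, the other has a class segment but no script marker in the trailing part.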