CVE-2002-1148
published 2002-10-11


Priority: P3
CVSS 2.0: 5.0 (medium), vector AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploit: flagged
EPSS: 16.82% (96.7th percentile)
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

Affected

19 version ranges, all for vendor apache, product tomcat (version range and fixed-in values are not listed on this page).

Detection & IOCs (extracted from sources)

URL: http://target/admin/servlet/org.apache.catalina.servlets.DefaultServlet/target.jsp
Path: /admin/servlet/org.apache.catalina.servlets.DefaultServlet/
  • Detect HTTP requests targeting the DefaultServlet path pattern used to disclose server-side source files (e.g. JSP) via direct servlet invocation.
  • Alert on any GET request URI containing the string 'org.apache.catalina.servlets.DefaultServlet' in the path, which is the direct-invocation pattern exploited by this CVE.
  • Monitor for direct requests to the DefaultServlet servlet mapping (/servlet/org.apache.catalina.servlets.DefaultServlet/) followed by a filename, indicating attempted source code disclosure.
  • Affected versions are Tomcat 4.0.4 and 4.1.10 and earlier; the DefaultServlet is included and mapped by default, making all default installations potentially exposed without configuration changes.
  • The exploit path uses the /admin/ context prefix, suggesting the admin web application must be deployed (which is the default in affected versions); disabling or restricting the admin webapp reduces attack surface.

CVSS provenance

NVD (CVSS v2.0): 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
Vendor (Red Hat): 7.5 HIGH