Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1148: Sensitive Information Exposure in Apache Tomcat

Severity: 5.0 MEDIUM (NVD)
EPSS: 36.7% (top 2.85%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Oct 11 | Latest update Apr 30

Description

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD | apache/tomcat | 19 versions

Patches

🔴 Vulnerability Details (4)

GHSA | Apache Tomcat Source Code Disclosure | 2022-04-30
OSV | Apache Tomcat Source Code Disclosure | 2022-04-30
GHSA | Apache Tomcat Source Code Disclosure | 2022-04-30
CVEList | CVE-2002-1148: The default servlet (org | 2004-09-01

💥 Exploits & PoCs (1)

Exploit-DB | Apache Tomcat 3/4 - 'DefaultServlet' File Disclosure | 2002-09-24

📋 Vendor Advisories (2)

Red Hat | security flaw | 2002-10-09
Red Hat | security flaw | 2002-09-24

💬 Community (2)

Bugzilla | CVE-2002-1148 security flaw | 2018-08-16
Bugzilla | CVE-2002-1394 security flaw | 2018-08-16