CVE-2002-1148
Published 2002-10-11
Priority: P3 · Severity: medium · CVSS 2.0 base score: 5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 16.82% (96.7th percentile)
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
Affected
19 ranges, all for apache/tomcat; none of them records a version range or a fixed version.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
Detection & IOCs (extracted from sources)
- Detect HTTP requests targeting the DefaultServlet path pattern used to disclose server-side source files (e.g. JSP) via direct servlet invocation.
- Alert on any GET request URI containing the string 'org.apache.catalina.servlets.DefaultServlet' in the path, which is the direct-invocation pattern exploited by this CVE.
- Monitor for direct requests to the DefaultServlet servlet mapping (/servlet/org.apache.catalina.servlets.DefaultServlet/) followed by a filename, indicating attempted source code disclosure.
- Affected versions are Tomcat 4.0.4 and 4.1.10 and earlier; the DefaultServlet is included and mapped by default, making all default installations potentially exposed without configuration changes.
- The exploit path uses the /admin/ context prefix, suggesting the admin web application must be deployed (which is the default in affected versions); disabling or restricting the admin webapp reduces attack surface.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 7.5 | HIGH | — |
Red Hat · vendor_redhat · 2002-10-09 · CVSS 7.5
CVE-2002-1394 [HIGH] security flaw
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
Red Hat · vendor_redhat · 2002-09-24 · CVSS 5.0
CVE-2002-1148 [MEDIUM] security flaw
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
GHSA · ghsa · 2022-04-30
CVE-2002-1148 [MEDIUM] CWE-200 Apache Tomcat Source Code Disclosure
The default servlet (`org.apache.catalina.servlets.DefaultServlet`) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
OSV · osv · 2022-04-30
CVE-2002-1148 [MEDIUM] Apache Tomcat Source Code Disclosure
The default servlet (`org.apache.catalina.servlets.DefaultServlet`) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
GHSA · ghsa · 2022-04-30
CVE-2002-1394 [HIGH] CWE-200 Apache Tomcat Source Code Disclosure
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
No detection rules found.
Bugzilla · bugzilla · 2018-08-16 · CVSS 5.0
CVE-2002-1148 [MEDIUM] CVE-2002-1148 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description: The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
Bugzilla · bugzilla · 2018-08-16 · CVSS 7.5
CVE-2002-1394 [HIGH] CVE-2002-1394 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description: Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
References
- http://marc.info/?l=bugtraq&m=103288242014253&w=2
- http://online.securityfocus.com/advisories/4758
- http://www.debian.org/security/2002/dsa-170
- http://www.iss.net/security_center/static/10175.php
- http://www.redhat.com/support/errata/RHSA-2002-217.html
- http://www.redhat.com/support/errata/RHSA-2002-218.html
- http://www.securityfocus.com/bid/5786
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E