CVE-2002-1394 — Sensitive Information Exposure in Apache Tomcat

CWE-200 — Sensitive Information Exposure6 documents6 sources
Severity
7.5HIGHNVD
EPSS
5.4%
top 9.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Tomcat
Timeline
PublishedJan 17
Latest updateApr 30

Description

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

â–¶NVDapache/tomcat10 versions+9

🔴Vulnerability Details

3
OSV
Apache Tomcat Source Code Disclosure↗2022-04-30
â–¶
GHSA
Apache Tomcat Source Code Disclosure↗2022-04-30
â–¶
CVEList
CVE-2002-1394: Apache Tomcat 4↗2004-09-01
â–¶

📋Vendor Advisories

1
Red Hat
security flaw↗2002-10-09
â–¶

💬Community

1
Bugzilla
CVE-2002-1394 security flaw↗2018-08-16
â–¶
CVE-2002-1394 — Sensitive Information Exposure | cvebase