CVE-2002-1895Apache Tomcat vulnerability

3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
2.8%
top 13.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Tomcat
Timeline
PublishedDec 31
Latest updateApr 30

Description

The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapache/tomcat3.3, 4.0.4+1

Patches

Patch: www.iss.netPatch: www.iss.net

🔴Vulnerability Details

2
GHSA
GHSA-rffr-vjp4-vxh3: The servlet engine in Jakarta Apache Tomcat 32022-04-30
CVEList
CVE-2002-1895: The servlet engine in Jakarta Apache Tomcat 32005-06-28