Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-2272Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Http Server

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
7.8HIGHNVD
EPSS
31.4%
top 3.21%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Apache Http ServerApache Tomcat
Timeline
PublishedDec 31
Latest updateApr 30

Description

Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

NVDapache/tomcat14 versions+13
NVDapache/http_server21 versions+20

Patches

Patch: archives.neohapsis.comPatch: www.securityfocus.comPatch: archives.neohapsis.com

🔴Vulnerability Details

3
GHSA
Apache Tomcat DoS via Malicious Get Request2022-04-30
OSV
Apache Tomcat DoS via Malicious Get Request2022-04-30
CVEList
CVE-2002-2272: Tomcat 42007-10-18

💥Exploits & PoCs

1
Exploit-DB
Apache 1.3.x + Tomcat 4.0.x/4.1.x mod_jk - Chunked Encoding Denial of Service2002-12-04
CVE-2002-2272 — Apache Http Server vulnerability | cvebase