[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250053

 
 

909

 
 

195940

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2002-1394Date: (C)2003-01-17   (M)2023-12-22


Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-6562
DSA-225
GLSA-200210-001
RHSA-2003:075
RHSA-2003:082
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
http://issues.apache.org/bugzilla/show_bug.cgi?id=13365
http://marc.info/?l=tomcat-dev&m=103417249325526&w=2
tomcat-invoker-source-code(10376)

CPE    10
cpe:/a:apache:tomcat:4.1.10
cpe:/a:apache:tomcat:4.1.9:beta
cpe:/a:apache:tomcat:4.0.3
cpe:/a:apache:tomcat:4.0.2
...

© SecPod Technologies