Lumension® Endpoint Intelligence Center



Vulnerability Score: 5.0
CVE Id: CVE-2002-0935
Last Modified: 05 Sep 2008 04:29:20
Published: 04 Oct 2002 12:00:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE



Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.

Vulnerable Systems


  • Apache Tomcat 4.0.3


BID - 5067

XF - tomcat-null-thread-dos(9396)

OSVDB - 5051

BUGTRAQ - 20020620 KPMG-2002025: Apache Tomcat Denial of Service

VULNWATCH - 20020620 [VulnWatch] KPMG-2002025: Apache Tomcat Denial of Service

Last Updated: 27 May 2016 10:37:08