Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2002-1394
Last Modified 10 Sep 2008 03:14:29
Published 17 Jan 2003 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1394

Summary

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

Vulnerable Systems

Application

  • Apache Tomcat 4.0.0

  • Apache Tomcat 4.0.1

  • Apache Tomcat 4.0.2

  • Apache Tomcat 4.0.3

  • Apache Tomcat 4.0.4

  • Apache Tomcat 4.0.5

  • Apache Tomcat 4.1.0

  • Apache Tomcat 4.1.10

  • Apache Tomcat 4.1.3

  • Apache Tomcat 4.1.9


References

GENTOO - GLSA-200210-001

XF - tomcat-invoker-source-code(10376)

BID - 6562

REDHAT - RHSA-2003:082

REDHAT - RHSA-2003:075

DEBIAN - DSA-225

CONFIRM - http://marc.theaimsgroup.com/?l=tomcat-dev&m=103417249325526&w=2

CONFIRM - http://issues.apache.org/bugzilla/show_bug.cgi?id=13365


Last Updated: 27 May 2016 10:37:18