CVE-2002-1394

high Apache
CVSS v3 Base Score
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Score
5.4%
Exploitation probability in 30 days
Top 10% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P
Published: January 17, 2003 (8518 days ago)
Last Modified: April 16, 2026
Vendor: Apache
Source: NVD

Description

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

CWE

NVD-CWE-Other

Affected Products

apache tomcat

References

🔗 issues.apache.org 🔗 marc.info 🔗 marc.info 🔗 www.debian.org 🔗 www.redhat.com