Apache Tomcat : Security vulnerabilities, CVEs published in October 2002

Copy

CVE-2002-1148

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

Max CVSS

5.0

EPSS Score

1.35%

Published

2002-10-11

Updated

2019-03-25

CVE-2002-0936

The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).

Max CVSS

5.0

EPSS Score

0.17%

Published

2002-10-04

Updated

2019-03-25

CVE-2002-0935

Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.

Max CVSS

5.0

EPSS Score

2.42%

Published

2002-10-04

Updated

2019-03-25

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!