CVE-2002-0682

Name of the Vulnerable Software and Affected Versions Apache Tomcat version 4.0.3

Description The issue allows remote attackers to execute scripts as other web users via a script in a URL with the /servlet/ mapping. This occurs because the script is not filtered when an exception is thrown by the servlet. A specially crafted URL using the invoker servlet and various internal classes can cause Tomcat to throw an exception that includes unescaped information from the malformed request, enabling a cross-site scripting attack.

Recommendations For Apache Tomcat version 4.0.3, consider disabling the invoker servlet as a temporary workaround until a patch is available. Restrict access to internal classes to minimize the risk of exploitation. Avoid using the /servlet/ mapping in URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.