PT-2002-2144 · Apache · Apache Tomcat

Published

2002-10-11

Updated

2022-04-30

CVE-2002-1148

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.0.4 and 4.1.10 and earlier

Description: The issue allows remote attackers to read source code for server files via a direct request to the org.apache.catalina.servlets.DefaultServlet servlet. A specially crafted URL using the default servlet can enable an attacker to obtain the source of JSP pages.

Recommendations: For Apache Tomcat versions 4.0.4 and 4.1.10 and earlier, consider disabling the org.apache.catalina.servlets.DefaultServlet servlet until a patch is available to prevent remote attackers from reading source code for server files. Restrict access to the default servlet to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2002-1148

DSA-170

GHSA-JXCV-V856-J5VG

Affected Products

Apache Tomcat

PT-2002-2144 · Apache · Apache Tomcat

CVE-2002-1148

Weakness Enumeration

Related Identifiers

Affected Products

References · 24