Description

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

Remediation

References

CVE-2002-1394

Related Vulnerabilities

Oracle Application Server CVE-2006-5359 Vulnerability (CVE-2006-5359)

Nginx Improper Certificate Validation Vulnerability (CVE-2009-3555)

phpBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-16108)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-3440)

Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2020-5360)

Severity

High

Classification

CVE-2002-1394

Tags

Missing Update Known Vulnerabilities