CVE-2002-1394

N/A Unknown

Published: January 17, 2003 Modified: April 16, 2026

Description

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://issues.apache.org/bugzilla/show_bug.cgi?id=13365

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=103470282514938&w=2

Source: cve@mitre.org

http://marc.info/?l=tomcat-dev&m=103417249325526&w=2

Source: cve@mitre.org

http://www.debian.org/security/2003/dsa-225

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2003-075.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2003-082.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/6562

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/10376

Source: cve@mitre.org

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Source: cve@mitre.org

http://issues.apache.org/bugzilla/show_bug.cgi?id=13365