CVE-2002-1394

Apache Tomcat Source Code Disclosure in maven/org.apache.tomcat/tomcat

Identifiers

GHSA-8v5p-2cpv-c2x6, CVE-2002-1394

Package Slug

maven/org.apache.tomcat/tomcat

Vulnerability

Apache Tomcat Source Code Disclosure

Description

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

Affected Versions

All versions up to 4.0.5

Solution

Upgrade to version 4.0.6 or above.

Last Modified

2024-02-13

source