Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2002-1148 | First vendor Publication | 2002-10-11 |
Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1148 |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 225-1 (tomcat4) File : nvt/deb_225_1.nasl |
2005-11-03 | Name : Tomcat 4.x JSP Source Exposure File : nvt/tomcat_source_exposure.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
8773 | Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Cod... Apache Tomcat contains a flaw that may allow a remote attacker to gain access to file source code. The issue is due to the default servlet (org.apache.catalina.servlets.DefaultServlet) allowing requests directly to it, which will allow an attacker to view the source code for server files. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-170.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-225.nasl - Type : ACT_GATHER_INFO |
2002-11-28 | Name : The remote web server is affected by an information disclosure vulnerability. File : tomcat_source_exposure.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2023-11-07 21:48:11 |
|
2021-05-04 12:01:46 |
|
2021-04-22 01:01:53 |
|
2020-05-23 00:15:05 |
|
2019-03-25 17:18:56 |
|
2019-03-21 21:19:08 |
|
2016-10-18 12:01:03 |
|
2016-04-26 12:16:07 |
|
2014-02-17 10:25:06 |
|
2013-05-11 12:11:59 |
|