CVE-2002-1148
tomcat4 - source code disclosure
EPSS 67.3%
Description
The default servlet (`org.apache.catalina.servlets.DefaultServlet`) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
How to fix CVE-2002-1148
To remediate CVE-2002-1148, upgrade the affected package to a fixed version below.
- Debian/tomcat4—upgrade to 4.0.3-3woody1 or later
- Maven/org.apache.tomcat:tomcat—upgrade to 4.0.5 or later
Is CVE-2002-1148 being exploited?
Likely — EPSS is 67.3%, placing CVE-2002-1148 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, < 4.0.3-3woody1
- >= 4.0.0, < 4.0.5
References (11)
- ADVISORYnvd.nist.gov/vuln/detail/CVE-2002-1148
- WEBmarc.info/?l=bugtraq&m=103288242014253&w=2
- WEBlists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
- WEBlists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E