CVE-2002-1567
Apache Tomcat XSS Vulnerability
EPSS 41.7%
Description
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
How to fix CVE-2002-1567
To remediate CVE-2002-1567, upgrade the affected package to the fixed version listed below.
- Maven/org.apache.tomcat:tomcat (upgrade to 4.1.29 or later)
Is CVE-2002-1567 being exploited?
Moderate: EPSS is 41.7%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- Maven/org.apache.tomcat:tomcat: >= 4.1.0, < 4.1.29