1. CVE-Search
  2. CVE-2002-0493
ID CVE-2002-0493
Summary Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:tomcat:-:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.2.2:beta2:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.2.2:beta2:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:3.3.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 25-03-2019 - 11:29)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20020325 re: Tomcat Security Exposure
misc http://www.apachelabs.org/tomcat-dev/200108.mbox/%3C20010810000819.6350.qmail@icarus.apache.org%3E
mlist
  • [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
xf tomcat-xml-bypass-restrictions(9863)
Last major update 25-03-2019 - 11:29
Published 12-08-2002 - 04:00
Last modified 25-03-2019 - 11:29
Back to Top