High severityNVD Advisory· Published Jan 17, 2003· Updated Jun 16, 2026
CVE-2002-1394
CVE-2002-1394
Description
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.tomcat:tomcatMaven | < 4.0.6 | 4.0.6 |
Affected products
11cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
20- github.com/advisories/GHSA-8v5p-2cpv-c2x6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2002-1394ghsaADVISORY
- issues.apache.org/bugzilla/show_bug.cginvdWEB
- marc.infonvdWEB
- marc.infonvdWEB
- archive.apache.org/dist/tomcat/tomcat-4/archive/v4.0.6/README.htmlghsaWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/10376nvdWEB
- lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3EghsaWEB
- web.archive.org/web/20030412075128/http://rhn.redhat.com/errata/RHSA-2003-075.htmlghsaWEB
- web.archive.org/web/20030705143220/http://www.securityfocus.com/bid/6562ghsaWEB
- web.archive.org/web/20041024213235/http://rhn.redhat.com/errata/RHSA-2003-082.htmlghsaWEB
- web.archive.org/web/20070430073829/http://www.debian.org/security/2003/dsa-225ghsaWEB
- www.debian.org/security/2003/dsa-225nvd
- www.redhat.com/support/errata/RHSA-2003-075.htmlnvd
- www.redhat.com/support/errata/RHSA-2003-082.htmlnvd
- www.securityfocus.com/bid/6562nvd
- lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Envd
- lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Envd
- lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3Envd
News mentions
0No linked articles in our index yet.