VYPR
High severityNVD Advisory· Published Jan 17, 2003· Updated Jun 16, 2026

CVE-2002-1394

CVE-2002-1394

Description

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat:tomcatMaven
< 4.0.64.0.6

Affected products

11
  • Apache/Tomcat10 versions
    cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*
  • ghsa-coords
    Range: < 4.0.6

Patches

Vulnerability mechanics

References

20

News mentions

0

No linked articles in our index yet.