| Vulnerability Name: | CVE-2002-0493 (CCN-9863) |
| Assigned: | 2002-03-20 |
| Published: | 2002-03-20 |
| Updated: | 2019-03-25 |
| Summary: | Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions. |
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) |
| Vulnerability Type: | CWE-254 |
| Vulnerability Consequences: | Bypass Security |
| References: | Source: MITRE; Type: CNA; CVE-2002-0493 |
| | Source: CCN; Type: Jakarta Apache Web site; The Jakarta Site - Apache Tomcat |
| | Source: CCN; Type: Apache Labs Web site; cvs commit: jakarta-tomcat-4.0 RELEASE-NOTES-4.0-B7.txt |
| | Source: BUGTRAQ; Type: Mailing List; 20020325 re: Tomcat Security Exposure |
| | Source: CCN; Type: BugTraq Mailing List, 2002-03-20 21:44:43; Tomcat Security Exposure |
| | Source: MISC; Type: Broken Link; http://www.apachelabs.org/tomcat-dev/200108.mbox/%3C20010810000819.6350.qmail@icarus.apache.org%3E |
| | Source: XF; Type: Third Party Advisory; tomcat-xml-bypass-restrictions(9863) |
| | Source: CCN; Type: OSVDB ID: 5278; Apache Tomcat web.xml Restriction Bypass |
| | Source: XF; Type: UNKNOWN; tomcat-xml-bypass-restrictions(9863) |
| | Source: MLIST; Type: UNKNOWN; [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ |
| | Source: MLIST; Type: UNKNOWN; [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ |
| | Source: MLIST; Type: UNKNOWN; [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/ |
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable |