| Vulnerability Name: | CVE-2002-1895 (CCN-10348) | ||||||||
| Assigned: | 2002-10-11 | ||||||||
| Published: | 2002-10-11 | ||||||||
| Updated: | 2019-03-25 | ||||||||
| Summary: | The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: CCN Type: VulnWatch Mailing List, Fri Oct 11 2002 - 06:36:55 CDT Apache Tomcat 3.x and 4.0.x: Remote denial-of-service vulnerability Source: VULNWATCH Type: Exploit, Vendor Advisory 20021011 Apache Tomcat 3.x and 4.0.x: Remote denial-of-service vulnerability Source: MITRE Type: CNA CVE-2002-1895 Source: CCN Type: Jakarta Web site The Jakarta Site - The Jakarta Project Source: CONFIRM Type: UNKNOWN http://tomcat.apache.org/security-4.html Source: XF Type: Patch tomcat-get-device-dos(10348) Source: CCN Type: OSVDB ID: 34885 Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS Source: XF Type: UNKNOWN tomcat-get-device-dos(10348) Source: MLIST Type: UNKNOWN [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ Source: MLIST Type: UNKNOWN [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ Source: MLIST Type: UNKNOWN [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/ | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||