CVE-2002-0493
Severity CVSS v4.0:
Pending analysis
Type:
CWE-254
Security Features
Publication date:
12/08/2002
Last modified:
03/04/2025
Description
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 3.3.2 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://marc.info/?l=bugtraq&m=101709002410365&w=2
- http://www.apachelabs.org/tomcat-dev/200108.mbox/%3C20010810000819.6350.qmail%40icarus.apache.org%3E
- http://www.iss.net/security_center/static/9863.php
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
- http://marc.info/?l=bugtraq&m=101709002410365&w=2
- http://www.apachelabs.org/tomcat-dev/200108.mbox/%3C20010810000819.6350.qmail%40icarus.apache.org%3E
- http://www.iss.net/security_center/static/9863.php
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E