CVE-2002-2272
Vulnerability from cvelistv5
Published
2007-10-18 10:00
Modified
2024-08-08 03:59
Severity ?
EPSS score ?
Summary
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20021204 Apache/Tomcat Denial Of Service And Information Leakage Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html"
},
{
"name": "tomcat-modjk-get-bo(10771)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10771"
},
{
"name": "6320",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-12-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20021204 Apache/Tomcat Denial Of Service And Information Leakage Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html"
},
{
"name": "tomcat-modjk-get-bo(10771)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10771"
},
{
"name": "6320",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021204 Apache/Tomcat Denial Of Service And Information Leakage Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html"
},
{
"name": "tomcat-modjk-get-bo(10771)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10771"
},
{
"name": "6320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2272",
"datePublished": "2007-10-18T10:00:00",
"dateReserved": "2007-10-17T00:00:00",
"dateUpdated": "2024-08-08T03:59:11.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2002-2272\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2002-12-31T05:00:00.000\",\"lastModified\":\"2017-07-29T01:29:02.890\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":7.8},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28EC1F94-04F3-490A-8324-1EB60EEBAD4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9B12229-3F9E-469C-8AD6-7E43FA45B876\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30D94958-0D13-4076-B6F0-61D505136789\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"691D7D29-420E-4ABC-844F-D5DD401598F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F715F8CB-A473-4374-8CF1-E9D74EBA5E8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B6EE0E2-D608-4E72-A0E5-F407511405C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33FD6791-3B84-40CA-BCF4-B5637B172F2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06F447C8-15FE-44DE-86AD-5E2D496AB2A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DDD2F69-CFD4-4DEA-B43A-1337EEFA95A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4955E57-9C5D-40C2-BD5F-A383FF3C33FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A7607F8-6C2A-4976-A861-3BEE1F45002B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A80B17D-FD66-40BD-9ADC-FE7A3944A696\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"713ADED4-CBE5-40C3-A128-99CFABF24560\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70FA0B8E-1A90-4939-871A-38B9E93BCCC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83BDEAE5-29B9-48E3-93FA-F30832044C9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2720E06-1B0E-4BFE-8C85-A17E597BB151\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EE1DECF-36C7-4968-8B7A-7A2034C2A957\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B67BD173-8517-4E97-BC65-D9657C63601A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B392A96F-FD2F-4073-8EED-EB31E1F20FE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E130104B-86F5-411E-8AC0-9B4B780BCA00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E62E621-74DA-4D99-A79C-AD2B85896A2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"914E1404-01A2-4F94-AA40-D5EA20F55AD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81FB1106-B26D-45BE-A511-8E69131BBA52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"401A213A-FED3-49C0-B823-2E02EA528905\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BFE5AD8-DB14-4632-9D2A-F2013579CA7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7641278D-3B8B-4CD2-B284-2047B65514A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB7B9911-E836-4A96-A0E8-D13C957EC0EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2341C51-A239-4A4A-B0DC-30F18175442C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E300013-0CE7-4313-A553-74A6A247B3E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E08D7414-8D0C-45D6-8E87-679DF0201D55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB15C5DB-0DBE-4DAD-ACBD-FAE23F768D01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60CFD9CA-1878-4C74-A9BD-5D581736E6B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7E52BE7-5281-4430-8846-E41CF34FC214\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBDA8066-294D-431E-B026-C03707DFBCD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C92F3744-C8F9-4E29-BF1A-25E03A32F2C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7DDA1D1-1DB2-4FD6-90A6-7DDE2FDD73F4\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/6320\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/10771\",\"source\":\"cve@mitre.org\"}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.