Description

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

Remediation

References

CVE-2002-1394

Related Vulnerabilities

WordPress Plugin MiniCart SQL Injection (1.00.1)

WordPress Plugin Spiffy XSPF Player SQL Injection (0.1)

WordPress Plugin YOP Poll Cross-Site Scripting (5.8.0)

MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-9403)

WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1)

Severity

High

Classification

CVE-2002-1394

Tags

Missing Update Known Vulnerabilities