Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-rybd-nsf5-j7fr

Summary The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.

Aliases

alias	CVE-2002-2007

Fixed_packages

url pkg:apache/tomcat@3.3.0-a

purl pkg:apache/tomcat@3.3.0-a

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ss8-442a-3baf

vulnerability	VCID-6yk2-f8d5-cyc3

vulnerability	VCID-9rpn-zb26-yfdk

vulnerability	VCID-shq7-jxup-5fgk

vulnerability	VCID-x6zh-jypa-pbcc

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@3.3.0-a

Affected_packages

url pkg:apache/tomcat@3.2.3

purl pkg:apache/tomcat@3.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-56a7-wfbu-7be8

vulnerability	VCID-rybd-nsf5-j7fr

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@3.2.3

url pkg:apache/tomcat@3.2.4

purl pkg:apache/tomcat@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fb2-r763-ybg5

vulnerability	VCID-6ss8-442a-3baf

vulnerability	VCID-6yk2-f8d5-cyc3

vulnerability	VCID-9rpn-zb26-yfdk

vulnerability	VCID-edmc-muvz-5ufu

vulnerability	VCID-rybd-nsf5-j7fr

vulnerability	VCID-shq7-jxup-5fgk

vulnerability	VCID-x6zh-jypa-pbcc

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@3.2.4

url pkg:maven/org.apache.tomcat/tomcat@3.2.3

purl pkg:maven/org.apache.tomcat/tomcat@3.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-56a7-wfbu-7be8

vulnerability	VCID-rybd-nsf5-j7fr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@3.2.3

url pkg:maven/org.apache.tomcat/tomcat@3.2.4

purl pkg:maven/org.apache.tomcat/tomcat@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fb2-r763-ybg5

vulnerability	VCID-6ss8-442a-3baf

vulnerability	VCID-6yk2-f8d5-cyc3

vulnerability	VCID-9rpn-zb26-yfdk

vulnerability	VCID-edmc-muvz-5ufu

vulnerability	VCID-rybd-nsf5-j7fr

vulnerability	VCID-shq7-jxup-5fgk

vulnerability	VCID-x6zh-jypa-pbcc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@3.2.4

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2002-2007

reference_id

reference_type

scores

value	0.22609
scoring_system	epss
scoring_elements	0.95868
published_at	2026-04-18T12:55:00Z

value	0.22609
scoring_system	epss
scoring_elements	0.95815
published_at	2026-04-01T12:55:00Z

value	0.22609
scoring_system	epss
scoring_elements	0.95823
published_at	2026-04-02T12:55:00Z

value	0.22609
scoring_system	epss
scoring_elements	0.95832
published_at	2026-04-04T12:55:00Z

value	0.22609
scoring_system	epss
scoring_elements	0.95834
published_at	2026-04-07T12:55:00Z

value	0.22609
scoring_system	epss
scoring_elements	0.95843
published_at	2026-04-08T12:55:00Z

value	0.22609
scoring_system	epss
scoring_elements	0.95846
published_at	2026-04-09T12:55:00Z

value	0.22609
scoring_system	epss
scoring_elements	0.95849
published_at	2026-04-12T12:55:00Z

value	0.22609
scoring_system	epss
scoring_elements	0.95851
published_at	2026-04-13T12:55:00Z

value	0.22609
scoring_system	epss
scoring_elements	0.95862
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2002-2007

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2007

reference_id

CVE-2002-2007

reference_type

scores

value	Moderate
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2007

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/21490.txt
reference_id	CVE-2002-2007;OSVDB-13304
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/21490.txt

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/21491.txt
reference_id	CVE-2002-2007;OSVDB-13304
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/21491.txt

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/21492.txt
reference_id	CVE-2002-2007;OSVDB-13304
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/21492.txt

reference_url	https://www.securityfocus.com/bid/4876/info
reference_id	CVE-2002-2007;OSVDB-13304
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/4876/info

reference_url	https://www.securityfocus.com/bid/4877/info
reference_id	CVE-2002-2007;OSVDB-13304
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/4877/info

reference_url	https://www.securityfocus.com/bid/4878/info
reference_id	CVE-2002-2007;OSVDB-13304
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/4878/info

Weaknesses

Exploits

date_added	2002-05-29
description	Apache Tomcat 3.2.3/3.2.4 - Example Files Web Root Full Path Disclosure
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2002-05-29
exploit_type	remote
platform	multiple
source_date_updated	2012-09-23
data_source	Exploit-DB
source_url	https://www.securityfocus.com/bid/4877/info

Severity_range_score 4.0 - 6.9

Exploitability 2.0

Weighted_severity 6.2

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rybd-nsf5-j7fr

Vulnerability Instance