{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4934?format=json","vulnerability_id":"VCID-xu51-tkfm-57am","summary":"Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.","aliases":[{"alias":"CVE-2002-0493"},{"alias":"GHSA-p543-jg43-9pm5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1524?format=json","purl":"pkg:apache/tomcat@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18j8-kwdv-dyak"},{"vulnerability":"VCID-2fb2-r763-ybg5"},{"vulnerability":"VCID-2jnv-segx-zkfd"},{"vulnerability":"VCID-41ps-jy8t-cyfm"},{"vulnerability":"VCID-6epr-2hbd-skcz"},{"vulnerability":"VCID-87p8-zvvf-y7dm"},{"vulnerability":"VCID-88v7-kc2y-bfd7"},{"vulnerability":"VCID-99es-8ecb-uub8"},{"vulnerability":"VCID-9y3t-7vfv-cbd2"},{"vulnerability":"VCID-bhq7-d545-27bj"},{"vulnerability":"VCID-gcgw-9fjy-nuap"},{"vulnerability":"VCID-j2sv-62js-xbav"},{"vulnerability":"VCID-p45v-qpgg-qqfj"},{"vulnerability":"VCID-peya-mr7j-vugf"},{"vulnerability":"VCID-q7jp-hn4a-4kec"},{"vulnerability":"VCID-qxkf-4ddv-j3b7"},{"vulnerability":"VCID-r1bk-cqhx-ebc5"},{"vulnerability":"VCID-ssnx-gz8e-87ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@4.0.0"}],"affected_packages":[],"references":[{"reference_url":"http://marc.info/?l=bugtraq&m=101709002410365&w=2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=101709002410365&w=2"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2002-0493","reference_id":"","reference_type":"","scores":[{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80913","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80758","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80781","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80785","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80799","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80815","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80837","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80858","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80852","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.8087","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80662","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.8067","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80691","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80687","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80715","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80725","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80741","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80727","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80719","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80755","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0144","scoring_system":"epss","scoring_elements":"0.80756","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2002-0493"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://web.archive.org/web/20020903071650/http://www.iss.net/security_center/static/9863.php","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20020903071650/http://www.iss.net/security_center/static/9863.php"},{"reference_url":"http://www.apachelabs.org/tomcat-dev/200108.mbox/%3C20010810000819.6350.qmail%40icarus.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"http://www.apachelabs.org/tomcat-dev/200108.mbox/%3C20010810000819.6350.qmail%40icarus.apache.org%3E"},{"reference_url":"http://www.iss.net/security_center/static/9863.php","reference_id":"","reference_type":"","scores":[],"url":"http://www.iss.net/security_center/static/9863.php"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0493","reference_id":"CVE-2002-0493","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0493"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2002-0493","reference_id":"CVE-2002-0493","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2002-0493"},{"reference_url":"https://github.com/advisories/GHSA-p543-jg43-9pm5","reference_id":"GHSA-p543-jg43-9pm5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p543-jg43-9pm5"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":254,"name":"7PK - Security Features","description":"Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":276,"name":"Incorrect Default Permissions","description":"During installation, installed file permissions are set to allow anyone to modify those files."}],"exploits":[],"severity_range_score":"4.0 - 8.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xu51-tkfm-57am"}