VulnerableCode Vulnerability Details - VCID-4ujr-2afv-73cy

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-4ujr-2afv-73cy

Essentials
Severities (12)
References (8)
Severity details (5)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-4ujr-2afv-73cy
Aliases	CVE-2002-2272 GHSA-pqr5-9v2j-44xg
Summary	Improper Restriction of Operations within the Bounds of a Memory Buffer Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
Status	Published
Exploitability	2.0
Weighted Severity	8.0
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-707	Improper Neutralization
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.31421	https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss	0.31421	https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss	0.31421	https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss	0.31421	https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss	0.31421	https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss	0.31421	https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss	0.31421	https://api.first.org/data/v1/epss?cve=CVE-2002-2272
generic_textual	HIGH	https://exchange.xforce.ibmcloud.com/vulnerabilities/10771
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-pqr5-9v2j-44xg
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2002-2272
generic_textual	HIGH	https://web.archive.org/web/20030501051114/http://www.securityfocus.com/bid/6320
generic_textual	HIGH	https://web.archive.org/web/20051124132812/http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2002-2272
		https://exchange.xforce.ibmcloud.com/vulnerabilities/10771
		https://web.archive.org/web/20030501051114/http://www.securityfocus.com/bid/6320
		https://web.archive.org/web/20051124132812/http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html
CVE-2002-2272		https://nvd.nist.gov/vuln/detail/CVE-2002-2272
CVE-2002-2272;OSVDB-7394	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/dos/22068.pl
CVE-2002-2272;OSVDB-7394	Exploit	https://www.securityfocus.com/bid/6320/info
GHSA-pqr5-9v2j-44xg		https://github.com/advisories/GHSA-pqr5-9v2j-44xg

Data source	Exploit-DB
Date added	Dec. 4, 2002
Description	Apache 1.3.x + Tomcat 4.0.x/4.1.x mod_jk - Chunked Encoding Denial of Service
Ransomware campaign use	Known
Source publication date	Dec. 4, 2002
Exploit type	dos
Platform	unix
Source update date	Dec. 19, 2016
Source URL	https://www.securityfocus.com/bid/6320/info

Exploit Prediction Scoring System (EPSS)

Percentile	0.9675
EPSS Score	0.31421
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:49:55.165620+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2002-2272.yml	38.0.0