Search for vulnerabilities
Vulnerability details: VCID-6tq1-t9g1-2kf1
Vulnerability ID VCID-6tq1-t9g1-2kf1
Aliases CVE-2002-2272
GHSA-pqr5-9v2j-44xg
Summary Apache Tomcat DoS via Malicious Get Request Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-707 Improper Neutralization
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.20744 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
generic_textual HIGH https://exchange.xforce.ibmcloud.com/vulnerabilities/10771
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-pqr5-9v2j-44xg
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2002-2272
generic_textual HIGH https://web.archive.org/web/20030501051114/http://www.securityfocus.com/bid/6320
generic_textual HIGH https://web.archive.org/web/20051124132812/http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2002-2272
https://exchange.xforce.ibmcloud.com/vulnerabilities/10771
https://nvd.nist.gov/vuln/detail/CVE-2002-2272
https://web.archive.org/web/20030501051114/http://www.securityfocus.com/bid/6320
https://web.archive.org/web/20051124132812/http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html
CVE-2002-2272;OSVDB-7394 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/dos/22068.pl
CVE-2002-2272;OSVDB-7394 Exploit https://www.securityfocus.com/bid/6320/info
GHSA-pqr5-9v2j-44xg https://github.com/advisories/GHSA-pqr5-9v2j-44xg
Data source Exploit-DB
Date added Dec. 4, 2002
Description Apache 1.3.x + Tomcat 4.0.x/4.1.x mod_jk - Chunked Encoding Denial of Service
Ransomware campaign use Known
Source publication date Dec. 4, 2002
Exploit type dos
Platform unix
Source update date Dec. 19, 2016
Source URL https://www.securityfocus.com/bid/6320/info
Exploit Prediction Scoring System (EPSS)
Percentile 0.95357
EPSS Score 0.20744
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:59:27.445931+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-pqr5-9v2j-44xg/GHSA-pqr5-9v2j-44xg.json 37.0.0