Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-99es-8ecb-uub8
Vulnerability ID VCID-99es-8ecb-uub8
Aliases CVE-2002-0935
GHSA-xmf4-j3j7-xj7q
Summary Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-400 Uncontrolled Resource Consumption
System Score Found at
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2002-0935
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2002-0935
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2002-0935
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2002-0935
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2002-0935
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2002-0935
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2002-0935
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2002-0935
epss 0.02834 https://api.first.org/data/v1/epss?cve=CVE-2002-0935
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0935
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-xmf4-j3j7-xj7q
generic_textual MODERATE https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2002-0935
generic_textual MODERATE https://web.archive.org/web/20020822030311/http://www.iss.net/security_center/static/9396.php
generic_textual MODERATE https://web.archive.org/web/20021010182017/http://online.securityfocus.com/bid/5067
generic_textual MODERATE https://web.archive.org/web/20021116054924/http://online.securityfocus.com/archive/1/277940
generic_textual MODERATE https://web.archive.org/web/20070525180638/http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0120.html
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2002-0935
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
https://web.archive.org/web/20020822030311/http://www.iss.net/security_center/static/9396.php
https://web.archive.org/web/20021010182017/http://online.securityfocus.com/bid/5067
https://web.archive.org/web/20021116054924/http://online.securityfocus.com/archive/1/277940
https://web.archive.org/web/20070525180638/http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0120.html
CVE-2002-0935 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0935
CVE-2002-0935 https://nvd.nist.gov/vuln/detail/CVE-2002-0935
GHSA-xmf4-j3j7-xj7q https://github.com/advisories/GHSA-xmf4-j3j7-xj7q
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.86119
EPSS Score 0.02834
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:20.554241+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-4.html 38.0.0