Search for vulnerabilities
Vulnerability details: VCID-fwxg-teb6-aaas
Vulnerability ID VCID-fwxg-teb6-aaas
Aliases CVE-2002-2272
GHSA-pqr5-9v2j-44xg
Summary Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-707 Improper Neutralization
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.01228 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.01228 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.01228 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.01228 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.01528 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.01528 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.01528 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.01528 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.01528 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.01528 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.01528 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.01528 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.01528 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.01528 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.01528 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.01528 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12368 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.12599 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.15915 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.15915 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.15915 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.15915 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.15915 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.15915 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.15915 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.15915 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
epss 0.15915 https://api.first.org/data/v1/epss?cve=CVE-2002-2272
generic_textual HIGH https://exchange.xforce.ibmcloud.com/vulnerabilities/10771
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-pqr5-9v2j-44xg
cvssv2 7.8 https://nvd.nist.gov/vuln/detail/CVE-2002-2272
generic_textual HIGH https://web.archive.org/web/20030501051114/http://www.securityfocus.com/bid/6320
generic_textual HIGH https://web.archive.org/web/20051124132812/http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html
Reference id Reference type URL
http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html
https://api.first.org/data/v1/epss?cve=CVE-2002-2272
https://exchange.xforce.ibmcloud.com/vulnerabilities/10771
https://web.archive.org/web/20030501051114/http://www.securityfocus.com/bid/6320
https://web.archive.org/web/20051124132812/http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html
http://www.securityfocus.com/bid/6320
cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*
CVE-2002-2272 https://nvd.nist.gov/vuln/detail/CVE-2002-2272
CVE-2002-2272;OSVDB-7394 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/dos/22068.pl
CVE-2002-2272;OSVDB-7394 Exploit https://www.securityfocus.com/bid/6320/info
GHSA-pqr5-9v2j-44xg https://github.com/advisories/GHSA-pqr5-9v2j-44xg
Data source Exploit-DB
Date added Dec. 4, 2002
Description Apache 1.3.x + Tomcat 4.0.x/4.1.x mod_jk - Chunked Encoding Denial of Service
Ransomware campaign use Known
Source publication date Dec. 4, 2002
Exploit type dos
Platform unix
Source update date Dec. 19, 2016
Source URL https://www.securityfocus.com/bid/6320/info
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2002-2272
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.85135
EPSS Score 0.01228
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.