Vulnerability details: VCID-j2sv-62js-xbav
Vulnerability ID VCID-j2sv-62js-xbav
Aliases CVE-2002-1394
GHSA-8v5p-2cpv-c2x6
Summary Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
generic_textual HIGH http://issues.apache.org/bugzilla/show_bug.cgi?id=13365
generic_textual HIGH http://marc.info/?l=bugtraq&m=103470282514938&w=2
generic_textual HIGH http://marc.info/?l=tomcat-dev&m=103417249325526&w=2
epss 0.05353 https://api.first.org/data/v1/epss?cve=CVE-2002-1394
generic_textual HIGH https://archive.apache.org/dist/tomcat/tomcat-4/archive/v4.0.6/README.html
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1394
generic_textual HIGH https://exchange.xforce.ibmcloud.com/vulnerabilities/10376
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-8v5p-2cpv-c2x6
generic_textual HIGH https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>
generic_textual HIGH https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2002-1394
generic_textual HIGH https://web.archive.org/web/20030412075128/http://rhn.redhat.com/errata/RHSA-2003-075.html
generic_textual HIGH https://web.archive.org/web/20030705143220/http://www.securityfocus.com/bid/6562
generic_textual HIGH https://web.archive.org/web/20041024213235/http://rhn.redhat.com/errata/RHSA-2003-082.html
generic_textual HIGH https://web.archive.org/web/20070430073829/http://www.debian.org/security/2003/dsa-225
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.90035
EPSS Score 0.05353
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:20.435921+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-4.html 38.0.0