← CVECheck
HomeVulnerabilities

CVE-2002-2009 — MEDIUM severity vulnerability (Apache Tomcat 4.0.1 allows remote attackers to obtain the we)

Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.

CVE IDCVE-2002-2009
SeverityMEDIUM
CVSS score5.0
CVSS vectorAV:N/AC:L/Au:N/C:P/I:N/A:N
CWENVD-CWE-Other
StatusModified
Published2002-12-31
Last modified2026-04-16
DescriptionApache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →