CVE-2002-2272

Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.

Published: Dec 31, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-2272
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
apache / tomcat	4.1.2	4.1.2.x
apache / tomcat	4.0.4	4.0.4.x
apache / tomcat	4.1.9-beta	4.1.9-beta.x
apache / http_server	1.3.23	1.3.23.x
apache / http_server	1.3.27	1.3.27.x
apache / http_server	1.3.10	1.3.10.x
apache / http_server	1.3.16	1.3.16.x
apache / http_server	1.3.1	1.3.1.x
apache / http_server	1.3.25	1.3.25.x
apache / http_server	1.3.19	1.3.19.x
apache / http_server	1.3.24	1.3.24.x
apache / http_server	1.3.20	1.3.20.x
apache / http_server	1.3.2	1.3.2.x
apache / tomcat	4.0.6	4.0.6.x
apache / http_server	1.3.13	1.3.13.x
apache / tomcat	4.0.3	4.0.3.x
apache / http_server	1.3.18	1.3.18.x
apache / tomcat	4.0.1	4.0.1.x
apache / http_server	1.3.0	1.3.0.x
apache / http_server	1.3	1.3.x
apache / http_server	1.3.12	1.3.12.x
apache / tomcat	4.1.1	4.1.1.x
apache / tomcat	4.1.12	4.1.12.x
apache / http_server	1.3.17	1.3.17.x
apache / http_server	1.3.26	1.3.26.x
apache / tomcat	4.1.3-beta	4.1.3-beta.x
apache / http_server	1.3.15	1.3.15.x
apache / http_server	1.3.14	1.3.14.x
apache / tomcat	4.1.10	4.1.10.x
apache / tomcat	4.1.0	4.1.0.x
apache / http_server	1.3.22	1.3.22.x
apache / tomcat	4.0.2	4.0.2.x
apache / http_server	1.3.11	1.3.11.x
apache / tomcat	4.1.3	4.1.3.x
apache / tomcat	4.0.5	4.0.5.x
apache / tomcat	4.0.0	4.0.0.x

Vulnerability Database

289,599

CVE-2002-2272