CVE-2002-1895
The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
We have discovered 3,804 live websites that are affected by CVE-2002-1895.
Affected Software
| Product |  Apache Tomcat |
| Category | Web Servers |
| Vulnerable Domains | 3,804 live websites (26.83% of Apache Tomcat install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 2 versions ( 0.51% of all versions) |
Details
- Published - Jun 28, 2005
- Updated - Aug 8, 2024
CVE References
CVE-2002-1895 usage by Country
 United States | 574 websites |
 Canada | 1,381 websites |
 China | 605 websites |
 Bangladesh | 134 websites |
 Hong Kong | 114 websites |
 Germany | 83 websites |
 France | 78 websites |
 Spain | 77 websites |
 Italy | 75 websites |
CVE-2002-1895 usage by TLD
| .com | 2,045 websites |
| .org | 213 websites |
| .net | 186 websites |
| .cn | 160 websites |
| .com.cn | 87 websites |
| .de | 51 websites |
| .es | 41 websites |
| .it | 41 websites |
| .fr | 35 websites |
| .edu | 35 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2002-1895
Top websites that are affected by CVE-2002-1895. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.*****.org | United States | **,*** | |
| *****.de | Germany | **,*** | |
| ****************************.org |  Netherlands | **,*** | |
| ****.com | United States | **,*** | |
| *************.***.mx | United States | **,*** | |
| ********.com | United States | **,*** | |
| *****.hu |  Hungary | ***,*** | |
| ********.***.****.gov | United States | ***,*** | |
| ***.***.org |  Switzerland | ***,*** | |
| **************.com | United States | ***,*** |
FAQ
A total of 3,804 websites have been identified as vulnerable to CVE-2002-1895, discovered through global website indexing conducted by WebTechSurvey.
Apache Tomcat is susceptible to CVE-2002-1895 vulnerability.
Apache Tomcat versions before 4.0.4 are vulnerable to CVE-2002-1895.
Version 4.0.4 of Apache Tomcat addresses the CVE-2002-1895 security vulnerability.
References
- http://tomcat.apache.org/security-4.html
- http://www.iss.net/security_center/static/10348.php
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0020.html
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E