CVE-2002-2272

Name: CVE-2002-2272
Creator: NVD / NIST
Published: 2002-12-31T05:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 9.68%

Last modified Jun 16, 2026

CVE-2002-2272 is a vulnerability of currently unknown severity. Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.. EPSS estimates a 9.68% chance of exploitation in the next 30 days.

Description

Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.

Metrics

EPSS Probability

9.68%

94.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions	Update
Apache	Http Server	1.3	—
Apache	Http Server	1.3.0	—
Apache	Http Server	1.3.1	—
Apache	Http Server	1.3.2	—
Apache	Http Server	1.3.10	—
Apache	Http Server	1.3.11	—
Apache	Http Server	1.3.12	—
Apache	Http Server	1.3.13	—
Apache	Http Server	1.3.14	—
Apache	Http Server	1.3.15	—
Apache	Http Server	1.3.16	—
Apache	Http Server	1.3.17	—
Apache	Http Server	1.3.18	—
Apache	Http Server	1.3.19	—
Apache	Http Server	1.3.20	—
Apache	Http Server	1.3.22	—
Apache	Http Server	1.3.23	—
Apache	Http Server	1.3.24	—
Apache	Http Server	1.3.25	—
Apache	Http Server	1.3.26	—
Apache	Http Server	1.3.27	—
Apache	Tomcat	4.0.0	—
Apache	Tomcat	4.0.1	—
Apache	Tomcat	4.0.2	—
Apache	Tomcat	4.0.3	—
Apache	Tomcat	4.0.4	—
Apache	Tomcat	4.0.5	—
Apache	Tomcat	4.0.6	—
Apache	Tomcat	4.1.0	—
Apache	Tomcat	4.1.1	—
Apache	Tomcat	4.1.2	—
Apache	Tomcat	4.1.3	—
Apache	Tomcat	4.1.9	Beta
Apache	Tomcat	4.1.10	—
Apache	Tomcat	4.1.12	—

References

Timeline

Published: Dec 31, 2002
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2002-2272?

How severe is CVE-2002-2272?

Severity scoring for CVE-2002-2272 is pending analysis. The EPSS model estimates a 9.68% probability of exploitation in the next 30 days.

How do I fix CVE-2002-2272?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2002-2272?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST