CVE-2002-0493 Information

Description

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file which could allow attackers to bypass intended restrictions.

Reference

http://marc.info/?l=bugtraq&m=101709002410365&w=2 http://www.apachelabs.org/tomcat-dev/200108.mbox/3C20010810000819.6350.qmail@icarus.apache.org3E http://www.iss.net/security_center/static/9863.php https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@3Cdev.tomcat.apache.org3E