Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:apache/tomcat@3.2.1
purl pkg:apache/tomcat@3.2.1
Next non-vulnerable version 4.1.3
Latest non-vulnerable version 11.0.21
Risk 10.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-1vxs-pv2f-ufam
Aliases:
CVE-2001-0829
GHSA-58hj-575g-5j25
A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
3.2.2
Affected by 1 other vulnerability.
VCID-56a7-wfbu-7be8
Aliases:
CVE-2001-1563
Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.
3.2.4
Affected by 8 other vulnerabilities.
VCID-a2q2-x613-quav
Aliases:
CVE-2001-0590
GHSA-x445-mmpw-7r4f
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
3.2.2
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:38:21.248534+00:00 Apache Tomcat Importer Affected by VCID-a2q2-x613-quav https://tomcat.apache.org/security-3.html 38.0.0
2026-04-01T12:38:21.210457+00:00 Apache Tomcat Importer Affected by VCID-1vxs-pv2f-ufam https://tomcat.apache.org/security-3.html 38.0.0
2026-04-01T12:38:21.167425+00:00 Apache Tomcat Importer Affected by VCID-56a7-wfbu-7be8 https://tomcat.apache.org/security-3.html 38.0.0