Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:apache/tomcat@3.2.2
purl pkg:apache/tomcat@3.2.2
Next non-vulnerable version 4.1.3
Latest non-vulnerable version 11.0.21
Risk 3.4
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-56a7-wfbu-7be8
Aliases:
CVE-2001-1563
Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.
3.2.4
Affected by 8 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-1vxs-pv2f-ufam A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message. CVE-2001-0829
GHSA-58hj-575g-5j25
VCID-a2q2-x613-quav Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0). CVE-2001-0590
GHSA-x445-mmpw-7r4f

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:38:21.250277+00:00 Apache Tomcat Importer Fixing VCID-a2q2-x613-quav https://tomcat.apache.org/security-3.html 38.0.0
2026-04-01T12:38:21.213078+00:00 Apache Tomcat Importer Fixing VCID-1vxs-pv2f-ufam https://tomcat.apache.org/security-3.html 38.0.0
2026-04-01T12:38:21.169699+00:00 Apache Tomcat Importer Affected by VCID-56a7-wfbu-7be8 https://tomcat.apache.org/security-3.html 38.0.0