Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:apache/tomcat@3.2.3
purl pkg:apache/tomcat@3.2.3
Next non-vulnerable version 4.1.3
Latest non-vulnerable version 11.0.21
Risk 10.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-56a7-wfbu-7be8
Aliases:
CVE-2001-1563
Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.
3.2.4
Affected by 8 other vulnerabilities.
VCID-rybd-nsf5-j7fr
Aliases:
CVE-2002-2007
The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
3.3.0-a
Affected by 5 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:38:21.171541+00:00 Apache Tomcat Importer Affected by VCID-56a7-wfbu-7be8 https://tomcat.apache.org/security-3.html 38.0.0
2026-04-01T12:38:21.065949+00:00 Apache Tomcat Importer Affected by VCID-rybd-nsf5-j7fr https://tomcat.apache.org/security-3.html 38.0.0