Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:apache/tomcat@3.3.1-a
purl pkg:apache/tomcat@3.3.1-a
Next non-vulnerable version 4.1.3
Latest non-vulnerable version 11.0.21
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-6ss8-442a-3baf
Aliases:
CVE-2003-0044
GHSA-5hgm-qm5m-5vmw
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
3.3.2
Affected by 4 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-6yk2-f8d5-cyc3 Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file. CVE-2003-0043
GHSA-cvx5-7vc7-rg77
VCID-shq7-jxup-5fgk Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character. CVE-2003-0042
GHSA-qfw2-wvrw-mvw4

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:38:20.983240+00:00 Apache Tomcat Importer Fixing VCID-shq7-jxup-5fgk https://tomcat.apache.org/security-3.html 38.0.0
2026-04-01T12:38:20.933340+00:00 Apache Tomcat Importer Fixing VCID-6yk2-f8d5-cyc3 https://tomcat.apache.org/security-3.html 38.0.0
2026-04-01T12:38:20.879666+00:00 Apache Tomcat Importer Affected by VCID-6ss8-442a-3baf https://tomcat.apache.org/security-3.html 38.0.0