Search for packages
| purl | pkg:apache/tomcat@4.0.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-27q8-96un-9fbk
Aliases: CVE-2007-1355 GHSA-4c6x-gfc8-c26r |
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. |
Affected by 3 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-41ps-jy8t-cyfm
Aliases: CVE-2001-0917 GHSA-2w2w-cv3h-rr38 |
Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension. |
Affected by 1 other vulnerability. |
|
VCID-gcgw-9fjy-nuap
Aliases: CVE-2002-2009 GHSA-r6cf-cr44-m8rr |
Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message. |
Affected by 1 other vulnerability. |
|
VCID-mp3r-5531-uqg5
Aliases: CVE-2005-3164 GHSA-qhqv-q4xg-f6g7 |
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages. |
Affected by 3 other vulnerabilities. |
|
VCID-tcju-3rvu-wkht
Aliases: CVE-2007-2450 GHSA-5c5p-jxvx-x7j2 |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors. |
Affected by 3 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:20.700395+00:00 | Apache Tomcat Importer | Affected by | VCID-41ps-jy8t-cyfm | https://tomcat.apache.org/security-4.html | 38.0.0 |
| 2026-04-01T12:38:20.673661+00:00 | Apache Tomcat Importer | Affected by | VCID-gcgw-9fjy-nuap | https://tomcat.apache.org/security-4.html | 38.0.0 |
| 2026-04-01T12:38:19.894821+00:00 | Apache Tomcat Importer | Affected by | VCID-tcju-3rvu-wkht | https://tomcat.apache.org/security-4.html | 38.0.0 |
| 2026-04-01T12:38:19.829150+00:00 | Apache Tomcat Importer | Affected by | VCID-27q8-96un-9fbk | https://tomcat.apache.org/security-4.html | 38.0.0 |
| 2026-04-01T12:38:19.792155+00:00 | Apache Tomcat Importer | Affected by | VCID-mp3r-5531-uqg5 | https://tomcat.apache.org/security-4.html | 38.0.0 |