VulnerableCode Package Details - pkg:apache/tomcat@4.0.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apache/tomcat@4.0.2

Essentials
History (3)

purl	pkg:apache/tomcat@4.0.2

Next non-vulnerable version	4.1.3
Latest non-vulnerable version	11.0.21
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-99es-8ecb-uub8 Aliases: CVE-2002-0935 GHSA-xmf4-j3j7-xj7q	Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.	4.1.3 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-41ps-jy8t-cyfm	Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.	CVE-2001-0917 GHSA-2w2w-cv3h-rr38
VCID-gcgw-9fjy-nuap	Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.	CVE-2002-2009 GHSA-r6cf-cr44-m8rr

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:20.702115+00:00	Apache Tomcat Importer	Fixing	VCID-41ps-jy8t-cyfm	https://tomcat.apache.org/security-4.html	38.0.0
2026-04-01T12:38:20.675483+00:00	Apache Tomcat Importer	Fixing	VCID-gcgw-9fjy-nuap	https://tomcat.apache.org/security-4.html	38.0.0
2026-04-01T12:38:20.561951+00:00	Apache Tomcat Importer	Affected by	VCID-99es-8ecb-uub8	https://tomcat.apache.org/security-4.html	38.0.0