VulnerableCode Package Details - pkg:apache/tomcat@4.0.5

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apache/tomcat@4.0.5

Essentials
History (2)

purl	pkg:apache/tomcat@4.0.5

Next non-vulnerable version	4.1.3
Latest non-vulnerable version	11.0.21
Risk	10.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-j2sv-62js-xbav Aliases: CVE-2002-1394 GHSA-8v5p-2cpv-c2x6	Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.	4.1.13 Affected by 0 other vulnerabilities.
VCID-ssnx-gz8e-87ab Aliases: CVE-2002-0682	Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.	4.1.13 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:20.483265+00:00	Apache Tomcat Importer	Affected by	VCID-ssnx-gz8e-87ab	https://tomcat.apache.org/security-4.html	38.0.0
2026-04-01T12:38:20.443629+00:00	Apache Tomcat Importer	Affected by	VCID-j2sv-62js-xbav	https://tomcat.apache.org/security-4.html	38.0.0