Search for packages
| purl | pkg:apache/tomcat@4.1.32 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-8w1a-ww52-x7em
Aliases: CVE-2008-4308 GHSA-7g59-hm8v-cwmc |
The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request. |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-18j8-kwdv-dyak | Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files. |
CVE-2005-3510
GHSA-8f4w-jwqv-5cxc |
| VCID-2jnv-segx-zkfd | Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do. |
CVE-2006-3835
GHSA-wfj7-mhr5-pcwq |
| VCID-86ur-vudp-4yc2 | The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts. |
CVE-2007-1858
|
| VCID-bhq7-d545-27bj | Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1. |
CVE-2006-7196
GHSA-pm78-wxxf-fw98 |
| VCID-fvvt-kufu-k3a6 | Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve. |
CVE-2008-3271
|
| VCID-q7jp-hn4a-4kec | Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries. |
CVE-2005-4838
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:38:20.384485+00:00 | Apache Tomcat Importer | Fixing | VCID-18j8-kwdv-dyak | https://tomcat.apache.org/security-4.html | 38.0.0 |
| 2026-04-01T12:38:20.349382+00:00 | Apache Tomcat Importer | Fixing | VCID-q7jp-hn4a-4kec | https://tomcat.apache.org/security-4.html | 38.0.0 |
| 2026-04-01T12:38:20.315151+00:00 | Apache Tomcat Importer | Fixing | VCID-2jnv-segx-zkfd | https://tomcat.apache.org/security-4.html | 38.0.0 |
| 2026-04-01T12:38:20.280236+00:00 | Apache Tomcat Importer | Fixing | VCID-bhq7-d545-27bj | https://tomcat.apache.org/security-4.html | 38.0.0 |
| 2026-04-01T12:38:20.247054+00:00 | Apache Tomcat Importer | Fixing | VCID-86ur-vudp-4yc2 | https://tomcat.apache.org/security-4.html | 38.0.0 |
| 2026-04-01T12:38:20.219332+00:00 | Apache Tomcat Importer | Fixing | VCID-fvvt-kufu-k3a6 | https://tomcat.apache.org/security-4.html | 38.0.0 |
| 2026-04-01T12:38:20.187773+00:00 | Apache Tomcat Importer | Affected by | VCID-8w1a-ww52-x7em | https://tomcat.apache.org/security-4.html | 38.0.0 |