Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat@4.0
purl pkg:maven/org.apache.tomcat/tomcat@4.0
Tags Ghost
Next non-vulnerable version 9.0.117
Latest non-vulnerable version 11.0.21
Risk 10.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-9y3t-7vfv-cbd2
Aliases:
CVE-2003-0866
GHSA-7wj2-48c4-2684
The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
4.1.0
Affected by 31 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T16:00:25.356938+00:00 GHSA Importer Affected by VCID-9y3t-7vfv-cbd2 https://github.com/advisories/GHSA-7wj2-48c4-2684 38.0.0
2026-04-01T12:49:54.779188+00:00 GitLab Importer Affected by VCID-9y3t-7vfv-cbd2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2003-0866.yml 38.0.0