Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat@4.0.4 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-99es-8ecb-uub8
Aliases: CVE-2002-0935 GHSA-xmf4-j3j7-xj7q |
Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-r1bk-cqhx-ebc5
Aliases: CVE-2002-1148 GHSA-jxcv-v856-j5vg |
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. |
Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T16:00:26.465652+00:00 | GHSA Importer | Affected by | VCID-r1bk-cqhx-ebc5 | https://github.com/advisories/GHSA-jxcv-v856-j5vg | 38.0.0 |
| 2026-04-01T12:49:54.994741+00:00 | GitLab Importer | Affected by | VCID-r1bk-cqhx-ebc5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2002-1148.yml | 38.0.0 |
| 2026-04-01T12:38:20.588694+00:00 | Apache Tomcat Importer | Affected by | VCID-99es-8ecb-uub8 | https://tomcat.apache.org/security-4.html | 38.0.0 |
| 2026-04-01T12:38:20.535475+00:00 | Apache Tomcat Importer | Affected by | VCID-r1bk-cqhx-ebc5 | https://tomcat.apache.org/security-4.html | 38.0.0 |