Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat@4.1.28
purl pkg:maven/org.apache.tomcat/tomcat@4.1.28
Tags Ghost
Next non-vulnerable version 9.0.117
Latest non-vulnerable version 11.0.21
Risk 10.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-86ur-vudp-4yc2
Aliases:
CVE-2007-1858
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
4.1.32
Affected by 1 other vulnerability.
5.5.17,
Affected by 0 other vulnerabilities.
VCID-afg3-t31c-ffgp
Aliases:
CVE-2002-1567
GHSA-86fp-jgwm-wgj5
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
4.1.29
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:38:20.425080+00:00 Apache Tomcat Importer Affected by VCID-afg3-t31c-ffgp https://tomcat.apache.org/security-4.html 38.0.0
2026-04-01T12:38:20.253317+00:00 Apache Tomcat Importer Affected by VCID-86ur-vudp-4yc2 https://tomcat.apache.org/security-4.html 38.0.0