VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat@4.1.31

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.tomcat/tomcat@4.1.31

Essentials
History (8)

purl	pkg:maven/org.apache.tomcat/tomcat@4.1.31
Tags	Ghost

Next non-vulnerable version	9.0.117
Latest non-vulnerable version	11.0.21
Risk	10.0

Vulnerabilities affecting this package (7)

Vulnerability	Summary	Fixed by
VCID-18j8-kwdv-dyak Aliases: CVE-2005-3510 GHSA-8f4w-jwqv-5cxc	Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.	4.1.32 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.5.12 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.5.13, Affected by 0 other vulnerabilities.
VCID-2jnv-segx-zkfd Aliases: CVE-2006-3835 GHSA-wfj7-mhr5-pcwq	Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.	4.1.32 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.5.13, Affected by 0 other vulnerabilities. 5.5.17 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-86ur-vudp-4yc2 Aliases: CVE-2007-1858	The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.	4.1.32 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.5.17, Affected by 0 other vulnerabilities.
VCID-bhq7-d545-27bj Aliases: CVE-2006-7196 GHSA-pm78-wxxf-fw98	Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.	4.1.32 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.0.31 Affected by 0 other vulnerabilities. 5.5.16 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.5.16, Affected by 0 other vulnerabilities.
VCID-fvvt-kufu-k3a6 Aliases: CVE-2008-3271	Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.	4.1.32 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.5.1 Affected by 0 other vulnerabilities.
VCID-g5zu-bvtd-vua4 Aliases: CVE-2007-4724 GHSA-g77g-vjjm-x83j	Cross-Site Request Forgery (CSRF) Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.	There are no reported fixed by versions.
VCID-q7jp-hn4a-4kec Aliases: CVE-2005-4838	Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.	4.1.32 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.5.7, Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T16:00:31.235634+00:00	GHSA Importer	Affected by	VCID-g5zu-bvtd-vua4	https://github.com/advisories/GHSA-g77g-vjjm-x83j	38.0.0
2026-04-01T12:49:58.295738+00:00	GitLab Importer	Affected by	VCID-g5zu-bvtd-vua4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2007-4724.yml	38.0.0
2026-04-01T12:38:20.396549+00:00	Apache Tomcat Importer	Affected by	VCID-18j8-kwdv-dyak	https://tomcat.apache.org/security-4.html	38.0.0
2026-04-01T12:38:20.361924+00:00	Apache Tomcat Importer	Affected by	VCID-q7jp-hn4a-4kec	https://tomcat.apache.org/security-4.html	38.0.0
2026-04-01T12:38:20.327892+00:00	Apache Tomcat Importer	Affected by	VCID-2jnv-segx-zkfd	https://tomcat.apache.org/security-4.html	38.0.0
2026-04-01T12:38:20.293149+00:00	Apache Tomcat Importer	Affected by	VCID-bhq7-d545-27bj	https://tomcat.apache.org/security-4.html	38.0.0
2026-04-01T12:38:20.255450+00:00	Apache Tomcat Importer	Affected by	VCID-86ur-vudp-4yc2	https://tomcat.apache.org/security-4.html	38.0.0
2026-04-01T12:38:20.227604+00:00	Apache Tomcat Importer	Affected by	VCID-fvvt-kufu-k3a6	https://tomcat.apache.org/security-4.html	38.0.0