Package details: pkg:maven/org.apache.tomcat/tomcat@4.1.37
purl pkg:maven/org.apache.tomcat/tomcat@4.1.37
Tags Ghost
Next non-vulnerable version 9.0.117
Latest non-vulnerable version 11.0.21
Risk 10.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-a9cu-fxqw-xkdg
Aliases:
CVE-2008-1232
GHSA-q74x-qqhr-f8rx
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
4.1.38
Affected by 0 other vulnerabilities.
4.1.39
Affected by 5 other vulnerabilities.
5.5.27
Affected by 5 other vulnerabilities.
6.0.17
Affected by 0 other vulnerabilities.
6.0.18
Affected by 5 other vulnerabilities.
VCID-acmu-9eqb-fya5
Aliases:
CVE-2008-2370
GHSA-m8h8-6rvg-f4mg
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
4.1.38
Affected by 0 other vulnerabilities.
4.1.39
Affected by 5 other vulnerabilities.
5.5.27
Affected by 5 other vulnerabilities.
6.0.18
Affected by 5 other vulnerabilities.
VCID-qdck-q54n-rkcv
Aliases:
CVE-2008-0128
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
4.1.39
Affected by 5 other vulnerabilities.
5.5.21
Affected by 1 other vulnerability.
6.0.9
Affected by 1 other vulnerability.
VCID-rwvj-tq6x-2ubs
Aliases:
CVE-2008-2938
GHSA-m7xj-ccqc-p4g2
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
4.1.39
Affected by 5 other vulnerabilities.
5.5.27
Affected by 5 other vulnerabilities.
6.0.18
Affected by 5 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-11T23:01:56.118866+00:00 GitLab Importer Fixing VCID-v94p-bxm3-akfd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2007-5333.yml 38.3.0
2026-04-02T23:10:23.441242+00:00 GitLab Importer Fixing VCID-v94p-bxm3-akfd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2007-5333.yml 38.1.0
2026-04-01T16:00:35.066443+00:00 GHSA Importer Affected by VCID-rwvj-tq6x-2ubs https://github.com/advisories/GHSA-m7xj-ccqc-p4g2 38.0.0
2026-04-01T16:00:34.861803+00:00 GHSA Importer Affected by VCID-acmu-9eqb-fya5 https://github.com/advisories/GHSA-m8h8-6rvg-f4mg 38.0.0
2026-04-01T16:00:33.677167+00:00 GHSA Importer Affected by VCID-a9cu-fxqw-xkdg https://github.com/advisories/GHSA-q74x-qqhr-f8rx 38.0.0
2026-04-01T16:00:31.384415+00:00 GHSA Importer Fixing VCID-v94p-bxm3-akfd https://github.com/advisories/GHSA-cww4-vj5r-rx57 38.0.0
2026-04-01T16:00:30.249058+00:00 GHSA Importer Fixing VCID-tcju-3rvu-wkht https://github.com/advisories/GHSA-5c5p-jxvx-x7j2 38.0.0
2026-04-01T13:09:53.742587+00:00 GithubOSV Importer Fixing VCID-v94p-bxm3-akfd https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cww4-vj5r-rx57/GHSA-cww4-vj5r-rx57.json 38.0.0
2026-04-01T13:09:45.949824+00:00 GithubOSV Importer Fixing VCID-tcju-3rvu-wkht https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5c5p-jxvx-x7j2/GHSA-5c5p-jxvx-x7j2.json 38.0.0
2026-04-01T12:49:59.396605+00:00 GitLab Importer Affected by VCID-acmu-9eqb-fya5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2008-2370.yml 38.0.0
2026-04-01T12:49:58.167821+00:00 GitLab Importer Fixing VCID-v94p-bxm3-akfd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2007-5333.yml 38.0.0
2026-04-01T12:49:56.347737+00:00 GitLab Importer Affected by VCID-a9cu-fxqw-xkdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2008-1232.yml 38.0.0
2026-04-01T12:38:20.070441+00:00 Apache Tomcat Importer Fixing VCID-88v7-kc2y-bfd7 https://tomcat.apache.org/security-4.html 38.0.0
2026-04-01T12:38:20.036462+00:00 Apache Tomcat Importer Fixing VCID-v94p-bxm3-akfd https://tomcat.apache.org/security-4.html 38.0.0
2026-04-01T12:38:20.009279+00:00 Apache Tomcat Importer Fixing VCID-6p3e-4u8s-17ep https://tomcat.apache.org/security-4.html 38.0.0
2026-04-01T12:38:19.983021+00:00 Apache Tomcat Importer Fixing VCID-p45v-qpgg-qqfj https://tomcat.apache.org/security-4.html 38.0.0
2026-04-01T12:38:19.944933+00:00 Apache Tomcat Importer Fixing VCID-7969-7a8h-zyhh https://tomcat.apache.org/security-4.html 38.0.0
2026-04-01T12:38:19.917607+00:00 Apache Tomcat Importer Fixing VCID-tcju-3rvu-wkht https://tomcat.apache.org/security-4.html 38.0.0
2026-04-01T12:38:19.884232+00:00 Apache Tomcat Importer Fixing VCID-peya-mr7j-vugf https://tomcat.apache.org/security-4.html 38.0.0
2026-04-01T12:38:19.849796+00:00 Apache Tomcat Importer Fixing VCID-27q8-96un-9fbk https://tomcat.apache.org/security-4.html 38.0.0
2026-04-01T12:38:19.816065+00:00 Apache Tomcat Importer Fixing VCID-mp3r-5531-uqg5 https://tomcat.apache.org/security-4.html 38.0.0
2026-04-01T12:38:19.773384+00:00 Apache Tomcat Importer Affected by VCID-acmu-9eqb-fya5 https://tomcat.apache.org/security-4.html 38.0.0
2026-04-01T12:38:19.744944+00:00 Apache Tomcat Importer Affected by VCID-a9cu-fxqw-xkdg https://tomcat.apache.org/security-4.html 38.0.0
2026-04-01T12:38:19.717099+00:00 Apache Tomcat Importer Affected by VCID-qdck-q54n-rkcv https://tomcat.apache.org/security-4.html 38.0.0