Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat@4.1.40
purl pkg:maven/org.apache.tomcat/tomcat@4.1.40
Tags Ghost
Next non-vulnerable version 9.0.117
Latest non-vulnerable version 11.0.21
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-1bxf-s34t-sffn
Aliases:
CVE-2005-4836
GHSA-qrcx-p4rr-g48h
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:30:29.789294+00:00 GHSA Importer Fixing VCID-mnf8-t3ew-4fgb https://github.com/advisories/GHSA-9737-qmgc-hfr9 38.1.0
2026-04-01T16:00:36.732789+00:00 GHSA Importer Fixing VCID-4rcx-xfn5-7kdb https://github.com/advisories/GHSA-w227-xcfx-3pj8 38.0.0
2026-04-01T16:00:27.296290+00:00 GHSA Importer Affected by VCID-1bxf-s34t-sffn https://github.com/advisories/GHSA-qrcx-p4rr-g48h 38.0.0
2026-04-01T13:08:59.766514+00:00 GithubOSV Importer Fixing VCID-mnf8-t3ew-4fgb https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9737-qmgc-hfr9/GHSA-9737-qmgc-hfr9.json 38.0.0
2026-04-01T13:08:52.513284+00:00 GithubOSV Importer Fixing VCID-4rcx-xfn5-7kdb https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w227-xcfx-3pj8/GHSA-w227-xcfx-3pj8.json 38.0.0
2026-04-01T12:50:32.008631+00:00 GitLab Importer Fixing VCID-mnf8-t3ew-4fgb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2008-5515.yml 38.0.0
2026-04-01T12:50:01.182708+00:00 GitLab Importer Fixing VCID-4rcx-xfn5-7kdb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2009-0580.yml 38.0.0
2026-04-01T12:49:57.135682+00:00 GitLab Importer Affected by VCID-1bxf-s34t-sffn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2005-4836.yml 38.0.0
2026-04-01T12:38:19.688316+00:00 Apache Tomcat Importer Fixing VCID-r84b-7ay9-ekcm https://tomcat.apache.org/security-4.html 38.0.0
2026-04-01T12:38:19.658361+00:00 Apache Tomcat Importer Fixing VCID-bung-pa58-ayfv https://tomcat.apache.org/security-4.html 38.0.0
2026-04-01T12:38:19.629768+00:00 Apache Tomcat Importer Fixing VCID-4rcx-xfn5-7kdb https://tomcat.apache.org/security-4.html 38.0.0
2026-04-01T12:38:19.601243+00:00 Apache Tomcat Importer Fixing VCID-dcrp-rae1-zfcm https://tomcat.apache.org/security-4.html 38.0.0
2026-04-01T12:38:19.574040+00:00 Apache Tomcat Importer Fixing VCID-mnf8-t3ew-4fgb https://tomcat.apache.org/security-4.html 38.0.0