Package details: pkg:apache/tomcat@4.0.1
purl: pkg:apache/tomcat@4.0.1
Next non-vulnerable version: 4.1.3
Latest non-vulnerable version: 11.0.8
Risk: 10.0
Vulnerabilities affecting this package (5)
Vulnerability: VCID-1bxb-dc7f-aaad
Aliases: CVE-2007-1355, GHSA-4c6x-gfc8-c26r
Summary: CVE-2007-1355 tomcat XSS in samples
Fixed by:
- 4.1.37 (Affected by 3 other vulnerabilities.)
- 5.5.24 (Affected by 5 other vulnerabilities.)
- 6.0.11 (Affected by 0 other vulnerabilities.)

Vulnerability: VCID-5p51-8u8j-aaaj
Aliases: CVE-2007-2450, GHSA-5c5p-jxvx-x7j2
Summary: CVE-2007-2450 tomcat host manager XSS
Fixed by:
- 4.1.37 (Affected by 3 other vulnerabilities.)
- 5.5.25 (Affected by 4 other vulnerabilities.)
- 6.0.14 (Affected by 2 other vulnerabilities.)

Vulnerability: VCID-9nv6-j6xm-aaaj
Aliases: CVE-2002-2009, GHSA-r6cf-cr44-m8rr
Summary: Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
Fixed by:
- 4.0.2 (Affected by 1 other vulnerability.)

Vulnerability: VCID-p28h-7k6p-aaae
Aliases: CVE-2001-0917, GHSA-2w2w-cv3h-rr38
Summary: Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.
Fixed by:
- 4.0.2 (Affected by 1 other vulnerability.)

Vulnerability: VCID-vyaw-vkvq-aaas
Aliases: CVE-2005-3164, GHSA-qhqv-q4xg-f6g7
Summary: The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
Fixed by:
- 4.1.37 (Affected by 3 other vulnerabilities.)

Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T13:19:40.938620+00:00 | Apache Tomcat Importer | Affected by | VCID-p28h-7k6p-aaae | https://tomcat.apache.org/security-4.html | 36.0.0 |
| 2025-03-28T13:19:40.888476+00:00 | Apache Tomcat Importer | Affected by | VCID-9nv6-j6xm-aaaj | https://tomcat.apache.org/security-4.html | 36.0.0 |
| 2025-03-28T13:19:39.423153+00:00 | Apache Tomcat Importer | Affected by | VCID-5p51-8u8j-aaaj | https://tomcat.apache.org/security-4.html | 36.0.0 |
| 2025-03-28T13:19:39.281983+00:00 | Apache Tomcat Importer | Affected by | VCID-1bxb-dc7f-aaad | https://tomcat.apache.org/security-4.html | 36.0.0 |
| 2025-03-28T13:19:39.210320+00:00 | Apache Tomcat Importer | Affected by | VCID-vyaw-vkvq-aaas | https://tomcat.apache.org/security-4.html | 36.0.0 |
| 2024-09-18T08:17:50.811204+00:00 | Apache Tomcat Importer | Affected by | VCID-p28h-7k6p-aaae | https://tomcat.apache.org/security-4.html | 34.0.1 |
| 2024-09-18T08:17:50.763152+00:00 | Apache Tomcat Importer | Affected by | VCID-9nv6-j6xm-aaaj | https://tomcat.apache.org/security-4.html | 34.0.1 |
| 2024-09-18T08:17:49.296096+00:00 | Apache Tomcat Importer | Affected by | VCID-5p51-8u8j-aaaj | https://tomcat.apache.org/security-4.html | 34.0.1 |
| 2024-09-18T08:17:49.159102+00:00 | Apache Tomcat Importer | Affected by | VCID-1bxb-dc7f-aaad | https://tomcat.apache.org/security-4.html | 34.0.1 |
| 2024-09-18T08:17:49.088537+00:00 | Apache Tomcat Importer | Affected by | VCID-vyaw-vkvq-aaas | https://tomcat.apache.org/security-4.html | 34.0.1 |
| 2024-01-04T02:15:53.854165+00:00 | Apache Tomcat Importer | Affected by | VCID-p28h-7k6p-aaae | https://tomcat.apache.org/security-4.html | 34.0.0rc1 |
| 2024-01-04T02:15:53.807449+00:00 | Apache Tomcat Importer | Affected by | VCID-9nv6-j6xm-aaaj | https://tomcat.apache.org/security-4.html | 34.0.0rc1 |
| 2024-01-04T02:15:52.390986+00:00 | Apache Tomcat Importer | Affected by | VCID-5p51-8u8j-aaaj | https://tomcat.apache.org/security-4.html | 34.0.0rc1 |
| 2024-01-04T02:15:52.254980+00:00 | Apache Tomcat Importer | Affected by | VCID-1bxb-dc7f-aaad | https://tomcat.apache.org/security-4.html | 34.0.0rc1 |
| 2024-01-04T02:15:52.188721+00:00 | Apache Tomcat Importer | Affected by | VCID-vyaw-vkvq-aaas | https://tomcat.apache.org/security-4.html | 34.0.0rc1 |