VulnerableCode Package Details - pkg:apache/tomcat@4.0.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-av1e-fm3v-aaag Aliases: CVE-2002-0935 GHSA-xmf4-j3j7-xj7q	Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.	4.1.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-av1e-fm3v-aaag
Aliases:
CVE-2002-0935
GHSA-xmf4-j3j7-xj7q

Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.

4.1.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-9nv6-j6xm-aaaj	Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.	CVE-2002-2009 GHSA-r6cf-cr44-m8rr
VCID-p28h-7k6p-aaae	Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.	CVE-2001-0917 GHSA-2w2w-cv3h-rr38

Vulnerability

Summary

Aliases

VCID-9nv6-j6xm-aaaj

Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.

CVE-2002-2009
GHSA-r6cf-cr44-m8rr

VCID-p28h-7k6p-aaae

Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.

CVE-2001-0917
GHSA-2w2w-cv3h-rr38

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:19:40.943431+00:00	Apache Tomcat Importer	Fixing	VCID-p28h-7k6p-aaae	https://tomcat.apache.org/security-4.html	36.0.0
2025-03-28T13:19:40.893380+00:00	Apache Tomcat Importer	Fixing	VCID-9nv6-j6xm-aaaj	https://tomcat.apache.org/security-4.html	36.0.0
2025-03-28T13:19:40.683577+00:00	Apache Tomcat Importer	Affected by	VCID-av1e-fm3v-aaag	https://tomcat.apache.org/security-4.html	36.0.0
2024-09-18T08:17:50.815963+00:00	Apache Tomcat Importer	Fixing	VCID-p28h-7k6p-aaae	https://tomcat.apache.org/security-4.html	34.0.1
2024-09-18T08:17:50.768092+00:00	Apache Tomcat Importer	Fixing	VCID-9nv6-j6xm-aaaj	https://tomcat.apache.org/security-4.html	34.0.1
2024-09-18T08:17:50.559799+00:00	Apache Tomcat Importer	Affected by	VCID-av1e-fm3v-aaag	https://tomcat.apache.org/security-4.html	34.0.1
2024-01-04T02:15:53.858596+00:00	Apache Tomcat Importer	Fixing	VCID-p28h-7k6p-aaae	https://tomcat.apache.org/security-4.html	34.0.0rc1
2024-01-04T02:15:53.812159+00:00	Apache Tomcat Importer	Fixing	VCID-9nv6-j6xm-aaaj	https://tomcat.apache.org/security-4.html	34.0.0rc1
2024-01-04T02:15:53.614087+00:00	Apache Tomcat Importer	Affected by	VCID-av1e-fm3v-aaag	https://tomcat.apache.org/security-4.html	34.0.0rc1