VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat@4.0.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-av1e-fm3v-aaag Aliases: CVE-2002-0935 GHSA-xmf4-j3j7-xj7q	Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.	4.1.3-beta Affected by 0 other vulnerabilities. 4.1.3 Affected by 0 other vulnerabilities.
VCID-ncxu-ua7h-aaab Aliases: CVE-2002-1148 GHSA-jxcv-v856-j5vg	The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.	4.0.5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.1.12 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.1.12, Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-av1e-fm3v-aaag
Aliases:
CVE-2002-0935
GHSA-xmf4-j3j7-xj7q

Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.

4.1.3-beta
Affected by 0 other vulnerabilities.

4.1.3
Affected by 0 other vulnerabilities.

VCID-ncxu-ua7h-aaab
Aliases:
CVE-2002-1148
GHSA-jxcv-v856-j5vg

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

4.0.5
Affected by 2 other vulnerabilities.

4.1.12
Affected by 3 other vulnerabilities.

4.1.12,
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:19:40.739597+00:00	Apache Tomcat Importer	Affected by	VCID-av1e-fm3v-aaag	https://tomcat.apache.org/security-4.html	36.0.0
2025-03-28T13:19:40.643133+00:00	Apache Tomcat Importer	Affected by	VCID-ncxu-ua7h-aaab	https://tomcat.apache.org/security-4.html	36.0.0
2024-09-18T08:17:50.621845+00:00	Apache Tomcat Importer	Affected by	VCID-av1e-fm3v-aaag	https://tomcat.apache.org/security-4.html	34.0.1
2024-09-18T08:17:50.516870+00:00	Apache Tomcat Importer	Affected by	VCID-ncxu-ua7h-aaab	https://tomcat.apache.org/security-4.html	34.0.1
2024-09-17T22:36:30.621077+00:00	GitLab Importer	Affected by	VCID-ncxu-ua7h-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2002-1148.yml	34.0.1
2024-09-17T22:01:07.912662+00:00	GHSA Importer	Affected by	VCID-ncxu-ua7h-aaab	https://github.com/advisories/GHSA-jxcv-v856-j5vg	34.0.1
2024-02-14T15:18:38.349103+00:00	GitLab Importer	Affected by	VCID-ncxu-ua7h-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2002-1148.yml	34.0.0rc2
2024-02-12T20:16:44.574976+00:00	GHSA Importer	Affected by	VCID-ncxu-ua7h-aaab	https://github.com/advisories/GHSA-jxcv-v856-j5vg	34.0.0rc2
2024-01-04T02:15:53.667716+00:00	Apache Tomcat Importer	Affected by	VCID-av1e-fm3v-aaag	https://tomcat.apache.org/security-4.html	34.0.0rc1
2024-01-04T02:15:53.574480+00:00	Apache Tomcat Importer	Affected by	VCID-ncxu-ua7h-aaab	https://tomcat.apache.org/security-4.html	34.0.0rc1