Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Apache Tomcat Number Of NVD 240 CRITICAL 16 HIGH 74 MEDIUM 133 LOW 15
URL http://tomcat.apache.org/
Explanation ApacheTomcat is a web container (servlet container, servlet engine) for running Java Servlets and Java Server Pages (JSP).
It was previously developed by the Jakarta project.
It can also be used as a web server for static content delivery.
It has been adopted by many companies that require large scale and stable systems.
Tag
  • オープンソース
  • Apache License v2.0

Add Information URL
No Type Name URL
1 http://tomcat.apache.org/security.html
2 http://tomcat.apache.org/whichversion.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
111 Apache Tomcat 11.0 11.0.14 June 22, 2026 Feb. 23, 2023 10 15 9 1
112 Apache Tomcat 10.1 10.1.49 Nov. 10, 2025 Sept. 26, 2022 10 21 10 2
113 Apache Tomcat 9.0 9.0.118 May 10, 2026 Jan. 22, 2018 16 54 30 2
114 Apache Tomcat 8.5 8.5.100 March 25, 2024 June 13, 2016 12 46 26 2
115 Apache Tomcat 8 8.0.53 June 29, 2018 June 25, 2014 June 30, 2018 6 21 22 0
116 Apache Tomcat 7 7.0.109 April 22, 2021 June 29, 2010 March 31, 2021 10 35 59 6
117 Apache Tomcat 6 6.0.53 April 2, 2017 Dec. 1, 2006 Dec. 31, 2016 4 16 63 5
118 Apache Tomcat 5.5 5.5.9 0 0 0 0
119 Apache Tomcat 5.0 5.0.9 0 0 0 0
120 Apache Tomcat 4.1 4.1.9 0 0 0 0
121 Apache Tomcat 4.0 4.0.6 0 0 0 0
122 Apache Tomcat 3.3 3.3.2 0 0 0 0
123 Apache Tomcat 3.2 3.2.4 0 0 0 0
124 Apache Tomcat 3.1 3.1.1 0 0 0 0
125 Apache Tomcat 3.0 3.0 0 0 0 0
126 Apache Tomcat 1.1 1.1.3 0 0 0 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
111 8.8
6.8
HIGH
Network
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, wh… CWE-352
 Origin Validation Error
CVE-2015-5351 cpe:2.3:a:apache:tomcat:9.0.0:milestone1
cpe:2.3:a:apache:tomcat:8.0.3:*
cpe:2.3:a:apache:tomcat:8.0.30:*
cpe:…
2024-11-21 11:32
2016-02-25
Show GitHub Exploit DB Packet Storm
112 8.1
6.8
HIGH
Network
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the sam… NVD-CWE-Other
CVE-2015-5346 cpe:2.3:a:apache:tomcat:9.0.0:milestone1
cpe:2.3:a:apache:tomcat:8.0.3:*
cpe:2.3:a:apache:tomcat:8.0.29:*
cpe:…
2024-11-21 11:32
2016-02-25
Show GitHub Exploit DB Packet Storm
113 5.3
5.0
MEDIUM
Network
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which a… CWE-22
Path Traversal
CVE-2015-5345 cpe:2.3:a:apache:tomcat:9.0.0:milestone1
cpe:2.3:a:apache:tomcat:8.0.3:*
cpe:2.3:a:apache:tomcat:8.0.29:*
cpe:…
2024-11-21 11:32
2016-02-25
Show GitHub Exploit DB Packet Storm
114 4.3
4.0
MEDIUM
Network
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager… CWE-22
Path Traversal
CVE-2015-5174 cpe:2.3:a:apache:tomcat:8.0.26:*
cpe:2.3:a:apache:tomcat:8.0.24:*
cpe:2.3:a:apache:tomcat:8.0.23:*
cpe:2.3:a:a…
2024-11-21 11:32
2016-02-25
Show GitHub Exploit DB Packet Storm
115 6.3
6.5
MEDIUM
Network
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLink… CWE-264
Permissions, Privileges, and Access Controls
CVE-2016-0763 cpe:2.3:a:apache:tomcat:9.0.0:milestone1
cpe:2.3:a:apache:tomcat:8.0.3:*
cpe:2.3:a:apache:tomcat:8.0.30:*
cpe:…
2024-11-21 11:42
2016-02-25
Show GitHub Exploit DB Packet Storm
116 -
5.0
MEDIUM The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemen… CWE-284
Improper Access Control
CVE-2014-7810 cpe:2.3:a:apache:tomcat:8.0.9:*
cpe:2.3:a:apache:tomcat:8.0.9:*
cpe:2.3:a:apache:tomcat:8.0.8:*
cpe:2.3:a:apac…
2024-11-21 11:18
2015-06-8
Show GitHub Exploit DB Packet Storm
117 -
7.8
HIGH Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which all… CWE-399
 Resource Management Errors
CVE-2014-0230 cpe:2.3:a:apache:tomcat:8.0.8:*
cpe:2.3:a:apache:tomcat:8.0.5:*
cpe:2.3:a:apache:tomcat:8.0.3:*
cpe:2.3:a:apac…
2024-11-21 11:01
2015-06-8
Show GitHub Exploit DB Packet Storm
118 -
6.4
MEDIUM java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data af… CWE-19
 Data Processing Errors
CVE-2014-0227 cpe:2.3:a:apache:tomcat:8.0.8:*
cpe:2.3:a:apache:tomcat:8.0.5:*
cpe:2.3:a:apache:tomcat:8.0.3:*
cpe:2.3:a:apac…
2024-11-21 11:01
2015-02-16
Show GitHub Exploit DB Packet Storm
119 -
6.8
MEDIUM Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execut… CWE-94
Code Injection
CVE-2013-4444 cpe:2.3:a:apache:tomcat:7.0.4:beta
cpe:2.3:a:apache:tomcat:7.0.4:*
cpe:2.3:a:apache:tomcat:7.0.3:*
cpe:2.3:a:a…
7.0.39 2024-11-21 10:55
2014-09-12
Show GitHub Exploit DB Packet Storm
120 -
4.3
MEDIUM Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attack… CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-0119 cpe:2.3:a:apache:tomcat:8.0.5:*
cpe:2.3:a:apache:tomcat:8.0.3:*
cpe:2.3:a:apache:tomcat:8.0.1:*
cpe:2.3:a:apac…
6.0.39 2024-11-21 11:01
2014-05-31
Show GitHub Exploit DB Packet Storm