Software Detail
Apache Tomcat: Number of NVD 231 (CRITICAL 12, HIGH 72, MEDIUM 130, LOW 15)
URL: http://tomcat.apache.org/
Explanation: Apache Tomcat is a web container (servlet container, servlet engine) for running Java Servlets and Java Server Pages (JSP).
It was previously developed by the Jakarta project.
It can also be used as a web server for static content delivery.
It has been adopted by many companies that require large scale and stable systems.
Tag
  • Apache License v2.0
  • Open source

Add Information URL
No Type Name URL
1 http://tomcat.apache.org/security.html
2 http://tomcat.apache.org/whichversion.html

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support / Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low
111 Apache Tomcat 11.0 11.0.14 Nov. 10, 2025 Feb. 23, 2023 6 13 6 1
112 Apache Tomcat 10.1 10.1.49 Nov. 10, 2025 Sept. 26, 2022 6 19 7 2
113 Apache Tomcat 10.0 10.0.27 Oct. 10, 2022 Dec. 8, 2020 1 15 4 1
114 Apache Tomcat 9.0 9.0.118 May 10, 2026 Jan. 22, 2018 12 52 27 2
115 Apache Tomcat 8.5 8.5.100 March 25, 2024 June 13, 2016 9 44 23 2
116 Apache Tomcat 8 8.0.53 June 29, 2018 June 25, 2014 June 30, 2018 4 20 20 0
117 Apache Tomcat 7 7.0.109 April 22, 2021 June 29, 2010 March 31, 2021 7 34 56 6
118 Apache Tomcat 6 6.0.53 April 2, 2017 Dec. 1, 2006 Dec. 31, 2016 2 15 60 5
119 Apache Tomcat 5.5 5.5.9 0 0 0 0
120 Apache Tomcat 5.0 5.0.9 0 0 0 0
121 Apache Tomcat 4.1 4.1.9 0 0 0 0
122 Apache Tomcat 4.0 4.0.6 0 0 0 0
123 Apache Tomcat 3.3 3.3.2 0 0 0 0
124 Apache Tomcat 3.2 3.2.4 0 0 0 0
125 Apache Tomcat 3.1 3.1.1 0 0 0 0
126 Apache Tomcat 3.0 3.0 0 0 0 0
127 Apache Tomcat 1.1 1.1.3 0 0 0 0
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date | Published date
111 -
4.3
MEDIUM Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attack… CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-0119 cpe:2.3:a:apache:tomcat:8.0.5:*
cpe:2.3:a:apache:tomcat:8.0.3:*
cpe:2.3:a:apache:tomcat:8.0.1:*
cpe:2.3:a:apac…
6.0.39 2024-11-21 11:01
2014-05-31
112 -
4.3
MEDIUM Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers t… CWE-189
Numeric Errors
CVE-2014-0099 cpe:2.3:a:apache:tomcat:8.0.3:*
cpe:2.3:a:apache:tomcat:8.0.1:*
cpe:2.3:a:apache:tomcat:8.0.0:rc5
cpe:2.3:a:ap…
6.0.39 2024-11-21 11:01
2014-05-31
113 -
4.3
MEDIUM java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which… CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-0096 cpe:2.3:a:apache:tomcat:8.0.3:*
cpe:2.3:a:apache:tomcat:8.0.1:*
cpe:2.3:a:apache:tomcat:8.0.0:rc5
cpe:2.3:a:ap…
6.0.39 2024-11-21 11:01
2014-05-31
114 -
5.0
MEDIUM java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP req… CWE-20
 Improper Input Validation 
CVE-2014-0095 cpe:2.3:a:apache:tomcat:8.0.3:*
cpe:2.3:a:apache:tomcat:8.0.1:*
cpe:2.3:a:apache:tomcat:8.0.0:rc5
cpe:2.3:a:ap…
2024-11-21 11:01
2014-05-31
115 -
5.0
MEDIUM Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remot… CWE-189
Numeric Errors
CVE-2014-0075 cpe:2.3:a:apache:tomcat:8.0.3:*
cpe:2.3:a:apache:tomcat:8.0.1:*
cpe:2.3:a:apache:tomcat:8.0.0:rc5
cpe:2.3:a:ap…
6.0.39 2024-11-21 11:01
2014-05-31
116 -
7.5
HIGH MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU co… CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-0050 cpe:2.3:a:apache:tomcat:8.0.1:*
cpe:2.3:a:apache:tomcat:8.0.0:rc5
cpe:2.3:a:apache:tomcat:8.0.0:rc2
cpe:2.3:a:…
2024-11-21 11:01
2014-04-1
117 -
4.3
MEDIUM org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote atta… CWE-20
 Improper Input Validation 
CVE-2014-0033 cpe:2.3:a:apache:tomcat:6.0.37:*
cpe:2.3:a:apache:tomcat:6.0.36:*
cpe:2.3:a:apache:tomcat:6.0.35:*
cpe:2.3:a:a…
2024-11-21 11:01
2014-02-26
118 -
4.3
MEDIUM Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a c… CWE-200
Information Exposure
CVE-2013-4590 cpe:2.3:a:apache:tomcat:8.0.0:rc9
cpe:2.3:a:apache:tomcat:8.0.0:rc8
cpe:2.3:a:apache:tomcat:8.0.0:rc7
cpe:2.3:…
6.0.37 2024-11-21 10:55
2014-02-26
119 -
4.3
MEDIUM Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace charac… CWE-20
 Improper Input Validation 
CVE-2013-4322 cpe:2.3:a:apache:tomcat:8.0.0:rc9
cpe:2.3:a:apache:tomcat:8.0.0:rc8
cpe:2.3:a:apache:tomcat:8.0.0:rc7
cpe:2.3:…
6.0.37 2024-11-21 10:55
2014-02-26
120 -
5.8
MEDIUM Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which al… CWE-20
 Improper Input Validation 
CVE-2013-4286 cpe:2.3:a:apache:tomcat:8.0.0:rc2
cpe:2.3:a:apache:tomcat:8.0.0:rc1
cpe:2.3:a:apache:tomcat:7.0.4:beta
cpe:2.3…
6.0.37 2024-11-21 10:55
2014-02-26