Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Apache Tomcat Number Of NVD 240 CRITICAL 16 HIGH 74 MEDIUM 133 LOW 15
URL http://tomcat.apache.org/
Explanation ApacheTomcat is a web container (servlet container, servlet engine) for running Java Servlets and Java Server Pages (JSP).
It was previously developed by the Jakarta project.
It can also be used as a web server for static content delivery.
It has been adopted by many companies that require large scale and stable systems.
Tag
  • オープンソース
  • Apache License v2.0

Add Information URL
No Type Name URL
1 http://tomcat.apache.org/security.html
2 http://tomcat.apache.org/whichversion.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
121 Apache Tomcat 11.0 11.0.14 June 22, 2026 Feb. 23, 2023 10 15 9 1
122 Apache Tomcat 10.1 10.1.49 Nov. 10, 2025 Sept. 26, 2022 10 21 10 2
123 Apache Tomcat 9.0 9.0.118 May 10, 2026 Jan. 22, 2018 16 54 30 2
124 Apache Tomcat 8.5 8.5.100 March 25, 2024 June 13, 2016 12 46 26 2
125 Apache Tomcat 8 8.0.53 June 29, 2018 June 25, 2014 June 30, 2018 6 21 22 0
126 Apache Tomcat 7 7.0.109 April 22, 2021 June 29, 2010 March 31, 2021 10 35 59 6
127 Apache Tomcat 6 6.0.53 April 2, 2017 Dec. 1, 2006 Dec. 31, 2016 4 16 63 5
128 Apache Tomcat 5.5 5.5.9 0 0 0 0
129 Apache Tomcat 5.0 5.0.9 0 0 0 0
130 Apache Tomcat 4.1 4.1.9 0 0 0 0
131 Apache Tomcat 4.0 4.0.6 0 0 0 0
132 Apache Tomcat 3.3 3.3.2 0 0 0 0
133 Apache Tomcat 3.2 3.2.4 0 0 0 0
134 Apache Tomcat 3.1 3.1.1 0 0 0 0
135 Apache Tomcat 3.0 3.0 0 0 0 0
136 Apache Tomcat 1.1 1.1.3 0 0 0 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
121 -
4.3
MEDIUM Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers t… CWE-189
Numeric Errors
CVE-2014-0099 cpe:2.3:a:apache:tomcat:8.0.3:*
cpe:2.3:a:apache:tomcat:8.0.1:*
cpe:2.3:a:apache:tomcat:8.0.0:rc5
cpe:2.3:a:ap…
6.0.39 2024-11-21 11:01
2014-05-31
Show GitHub Exploit DB Packet Storm
122 -
4.3
MEDIUM java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which… CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-0096 cpe:2.3:a:apache:tomcat:8.0.3:*
cpe:2.3:a:apache:tomcat:8.0.1:*
cpe:2.3:a:apache:tomcat:8.0.0:rc5
cpe:2.3:a:ap…
6.0.39 2024-11-21 11:01
2014-05-31
Show GitHub Exploit DB Packet Storm
123 -
5.0
MEDIUM java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP req… CWE-20
 Improper Input Validation 
CVE-2014-0095 cpe:2.3:a:apache:tomcat:8.0.3:*
cpe:2.3:a:apache:tomcat:8.0.1:*
cpe:2.3:a:apache:tomcat:8.0.0:rc5
cpe:2.3:a:ap…
2024-11-21 11:01
2014-05-31
Show GitHub Exploit DB Packet Storm
124 -
5.0
MEDIUM Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remot… CWE-189
Numeric Errors
CVE-2014-0075 cpe:2.3:a:apache:tomcat:8.0.3:*
cpe:2.3:a:apache:tomcat:8.0.1:*
cpe:2.3:a:apache:tomcat:8.0.0:rc5
cpe:2.3:a:ap…
6.0.39 2024-11-21 11:01
2014-05-31
Show GitHub Exploit DB Packet Storm
125 -
7.5
HIGH MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU co… CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-0050 cpe:2.3:a:apache:tomcat:8.0.1:*
cpe:2.3:a:apache:tomcat:8.0.0:rc5
cpe:2.3:a:apache:tomcat:8.0.0:rc2
cpe:2.3:a:…
2024-11-21 11:01
2014-04-1
Show GitHub Exploit DB Packet Storm
126 -
4.3
MEDIUM org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote atta… CWE-20
 Improper Input Validation 
CVE-2014-0033 cpe:2.3:a:apache:tomcat:6.0.37:*
cpe:2.3:a:apache:tomcat:6.0.36:*
cpe:2.3:a:apache:tomcat:6.0.35:*
cpe:2.3:a:a…
2024-11-21 11:01
2014-02-26
Show GitHub Exploit DB Packet Storm
127 -
4.3
MEDIUM Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a c… CWE-200
Information Exposure
CVE-2013-4590 cpe:2.3:a:apache:tomcat:8.0.0:rc9
cpe:2.3:a:apache:tomcat:8.0.0:rc8
cpe:2.3:a:apache:tomcat:8.0.0:rc7
cpe:2.3:…
6.0.37 2024-11-21 10:55
2014-02-26
Show GitHub Exploit DB Packet Storm
128 -
4.3
MEDIUM Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace charac… CWE-20
 Improper Input Validation 
CVE-2013-4322 cpe:2.3:a:apache:tomcat:8.0.0:rc9
cpe:2.3:a:apache:tomcat:8.0.0:rc8
cpe:2.3:a:apache:tomcat:8.0.0:rc7
cpe:2.3:…
6.0.37 2024-11-21 10:55
2014-02-26
Show GitHub Exploit DB Packet Storm
129 -
5.8
MEDIUM Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which al… CWE-20
 Improper Input Validation 
CVE-2013-4286 cpe:2.3:a:apache:tomcat:8.0.0:rc2
cpe:2.3:a:apache:tomcat:8.0.0:rc1
cpe:2.3:a:apache:tomcat:7.0.4:beta
cpe:2.3…
6.0.37 2024-11-21 10:55
2014-02-26
Show GitHub Exploit DB Packet Storm
130 -
2.1
LOW Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor ha… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-0346 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:47
2014-02-15
Show GitHub Exploit DB Packet Storm