Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Apache Tomcat Number Of NVD 240 CRITICAL 16 HIGH 74 MEDIUM 133 LOW 15
URL http://tomcat.apache.org/
Explanation ApacheTomcat is a web container (servlet container, servlet engine) for running Java Servlets and Java Server Pages (JSP).
It was previously developed by the Jakarta project.
It can also be used as a web server for static content delivery.
It has been adopted by many companies that require large scale and stable systems.
Tag
  • オープンソース
  • Apache License v2.0

Add Information URL
No Type Name URL
1 http://tomcat.apache.org/security.html
2 http://tomcat.apache.org/whichversion.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
131 Apache Tomcat 11.0 11.0.14 June 22, 2026 Feb. 23, 2023 10 15 9 1
132 Apache Tomcat 10.1 10.1.49 Nov. 10, 2025 Sept. 26, 2022 10 21 10 2
133 Apache Tomcat 9.0 9.0.118 May 10, 2026 Jan. 22, 2018 16 54 30 2
134 Apache Tomcat 8.5 8.5.100 March 25, 2024 June 13, 2016 12 46 26 2
135 Apache Tomcat 8 8.0.53 June 29, 2018 June 25, 2014 June 30, 2018 6 21 22 0
136 Apache Tomcat 7 7.0.109 April 22, 2021 June 29, 2010 March 31, 2021 10 35 59 6
137 Apache Tomcat 6 6.0.53 April 2, 2017 Dec. 1, 2006 Dec. 31, 2016 4 16 63 5
138 Apache Tomcat 5.5 5.5.9 0 0 0 0
139 Apache Tomcat 5.0 5.0.9 0 0 0 0
140 Apache Tomcat 4.1 4.1.9 0 0 0 0
141 Apache Tomcat 4.0 4.0.6 0 0 0 0
142 Apache Tomcat 3.3 3.3.2 0 0 0 0
143 Apache Tomcat 3.2 3.2.4 0 0 0 0
144 Apache Tomcat 3.1 3.1.1 0 0 0 0
145 Apache Tomcat 3.0 3.0 0 0 0 0
146 Apache Tomcat 1.1 1.1.3 0 0 0 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
131 -
7.5
HIGH The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers … CWE-20
 Improper Input Validation 
CVE-2013-2185 cpe:2.3:a:apache:tomcat:*:* 7.0.39 2024-11-21 10:51
2014-01-20
Show GitHub Exploit DB Packet Storm
132 -
6.8
MEDIUM Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that… CWE-352
 Origin Validation Error
CVE-2013-6357 cpe:2.3:a:apache:tomcat:5:*
cpe:2.3:a:apache:tomcat:5.5.9:*
cpe:2.3:a:apache:tomcat:5.5.8:*
cpe:2.3:a:apache:t…
5.5.25 2024-11-21 10:59
2013-11-14
Show GitHub Exploit DB Packet Storm
133 -
2.6
LOW java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows … CWE-200
Information Exposure
CVE-2013-2071 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:50
2013-06-1
Show GitHub Exploit DB Packet Storm
134 -
6.8
MEDIUM java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationship… CWE-287
Improper Authentication
CVE-2013-2067 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:50
2013-06-1
Show GitHub Exploit DB Packet Storm
135 -
5.0
MEDIUM Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming dat… CWE-20
 Improper Input Validation 
CVE-2012-3544 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:41
2013-06-1
Show GitHub Exploit DB Packet Storm
136 -
2.6
LOW org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to… CWE-399
 Resource Management Errors
CVE-2012-4534 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:43
2012-12-19
Show GitHub Exploit DB Packet Storm
137 -
4.3
MEDIUM org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mecha… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-4431 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:42
2012-12-19
Show GitHub Exploit DB Packet Storm
138 -
4.3
MEDIUM org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by le… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-3546 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:41
2012-12-19
Show GitHub Exploit DB Packet Storm
139 -
5.0
MEDIUM Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. NVD-CWE-noinfo
CVE-2012-5568 cpe:2.3:a:apache:tomcat:*:* 7.0.0 7.0.105 2024-11-21 10:44
2012-12-1
Show GitHub Exploit DB Packet Storm
140 -
5.0
MEDIUM The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with … CWE-287
Improper Authentication
CVE-2012-5887 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:45
2012-11-18
Show GitHub Exploit DB Packet Storm