Software Detail
Apache Tomcat
Number Of NVD: 231; CRITICAL 12, HIGH 72, MEDIUM 130, LOW 15
URL http://tomcat.apache.org/
Explanation: Apache Tomcat is a web container (servlet container, servlet engine) for running Java Servlets and JavaServer Pages (JSP).
It was previously developed by the Jakarta project.
It can also be used as a web server for static content delivery.
It has been adopted by many companies that require large scale and stable systems.
Tag
  • Apache License v2.0
  • Open source

Add Information URL
No Type Name URL
1 http://tomcat.apache.org/security.html
2 http://tomcat.apache.org/whichversion.html

List Of Product
Columns: No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support, Service Pack Support, Extended for a fee, Critical, High, Medium, Low
131 Apache Tomcat 11.0 11.0.14 Nov. 10, 2025 Feb. 23, 2023 6 13 6 1
132 Apache Tomcat 10.1 10.1.49 Nov. 10, 2025 Sept. 26, 2022 6 19 7 2
133 Apache Tomcat 10.0 10.0.27 Oct. 10, 2022 Dec. 8, 2020 1 15 4 1
134 Apache Tomcat 9.0 9.0.118 May 10, 2026 Jan. 22, 2018 12 52 27 2
135 Apache Tomcat 8.5 8.5.100 March 25, 2024 June 13, 2016 9 44 23 2
136 Apache Tomcat 8 8.0.53 June 29, 2018 June 25, 2014 June 30, 2018 4 20 20 0
137 Apache Tomcat 7 7.0.109 April 22, 2021 June 29, 2010 March 31, 2021 7 34 56 6
138 Apache Tomcat 6 6.0.53 April 2, 2017 Dec. 1, 2006 Dec. 31, 2016 2 15 60 5
139 Apache Tomcat 5.5 5.5.9 0 0 0 0
140 Apache Tomcat 5.0 5.0.9 0 0 0 0
141 Apache Tomcat 4.1 4.1.9 0 0 0 0
142 Apache Tomcat 4.0 4.0.6 0 0 0 0
143 Apache Tomcat 3.3 3.3.2 0 0 0 0
144 Apache Tomcat 3.2 3.2.4 0 0 0 0
145 Apache Tomcat 3.1 3.1.1 0 0 0 0
146 Apache Tomcat 3.0 3.0 0 0 0 0
147 Apache Tomcat 1.1 1.1.3 0 0 0 0
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, Update date, Published date, Exploit PoC
131. CVE-2012-5887 (CWE-287 Improper Authentication)
CVSS3: - | CVSS2: 5.0 | Level: MEDIUM
Title: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with …
cpe23Uri: cpe:2.3:a:apache:tomcat:7.0.9:*, cpe:2.3:a:apache:tomcat:7.0.8:*, cpe:2.3:a:apache:tomcat:7.0.7:*, cpe:2.3:a:apac…
Update date: 2024-11-21 10:45
Published date: 2012-11-18
132. CVE-2012-5886 (CWE-287 Improper Authentication)
CVSS3: - | CVSS2: 5.0 | Level: MEDIUM
Title: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session …
cpe23Uri: cpe:2.3:a:apache:tomcat:7.0.9:*, cpe:2.3:a:apache:tomcat:7.0.8:*, cpe:2.3:a:apache:tomcat:7.0.7:*, cpe:2.3:a:apac…
Update date: 2024-11-21 10:45
Published date: 2012-11-18
133. CVE-2012-5885 (CWE-264 Permissions, Privileges, and Access Controls)
CVSS3: - | CVSS2: 5.0 | Level: MEDIUM
Title: The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka clien…
cpe23Uri: cpe:2.3:a:apache:tomcat:7.0.9:*, cpe:2.3:a:apache:tomcat:7.0.8:*, cpe:2.3:a:apache:tomcat:7.0.7:*, cpe:2.3:a:apac…
Update date: 2024-11-21 10:45
Published date: 2012-11-18
134. CVE-2012-2733 (CWE-20 Improper Input Validation)
CVSS3: - | CVSS2: 5.0 | Level: MEDIUM
Title: java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which …
cpe23Uri: cpe:2.3:a:apache:tomcat:7.0.9:*, cpe:2.3:a:apache:tomcat:7.0.8:*, cpe:2.3:a:apache:tomcat:7.0.7:*, cpe:2.3:a:apac…
Update date: 2024-11-21 10:39
Published date: 2012-11-17
135. CVE-2012-0022 (CWE-189 Numeric Errors)
CVSS3: - | CVSS2: 5.0 | Level: MEDIUM
Title: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consu…
cpe23Uri: cpe:2.3:a:apache:tomcat:7.0.9:*, cpe:2.3:a:apache:tomcat:7.0.8:*, cpe:2.3:a:apache:tomcat:7.0.7:*, cpe:2.3:a:apac…
Update date: 2024-11-21 10:34
Published date: 2012-01-19
136. CVE-2011-3375 (CWE-200 Information Exposure)
CVSS3: - | CVSS2: 5.0 | Level: MEDIUM
Title: Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain uninten…
cpe23Uri: cpe:2.3:a:apache:tomcat:7.0.9:*, cpe:2.3:a:apache:tomcat:7.0.8:*, cpe:2.3:a:apache:tomcat:7.0.7:*, cpe:2.3:a:apac…
Update date: 2024-11-21 10:30
Published date: 2012-01-19
137. CVE-2011-5064 (CWE-310 Cryptographic Issues)
CVSS3: - | CVSS2: 4.3 | Level: MEDIUM
Title: DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server …
cpe23Uri: cpe:2.3:a:apache:tomcat:7.0.9:*, cpe:2.3:a:apache:tomcat:7.0.8:*, cpe:2.3:a:apache:tomcat:7.0.7:*, cpe:2.3:a:apac…
Update date: 2024-11-21 10:33
Published date: 2012-01-15
138. CVE-2011-5063 (CWE-287 Improper Authentication)
CVSS3: - | CVSS2: 4.3 | Level: MEDIUM
Title: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to …
cpe23Uri: cpe:2.3:a:apache:tomcat:7.0.9:*, cpe:2.3:a:apache:tomcat:7.0.8:*, cpe:2.3:a:apache:tomcat:7.0.7:*, cpe:2.3:a:apac…
Update date: 2024-11-21 10:33
Published date: 2012-01-15
139. CVE-2011-5062 (CWE-264 Permissions, Privileges, and Access Controls)
CVSS3: - | CVSS2: 5.0 | Level: MEDIUM
Title: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to by…
cpe23Uri: cpe:2.3:a:apache:tomcat:7.0.9:*, cpe:2.3:a:apache:tomcat:7.0.8:*, cpe:2.3:a:apache:tomcat:7.0.7:*, cpe:2.3:a:apac…
Update date: 2024-11-21 10:33
Published date: 2012-01-15
140. CVE-2011-1184 (CWE-264 Permissions, Privileges, and Access Controls)
CVSS3: - | CVSS2: 5.0 | Level: MEDIUM
Title: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, …
cpe23Uri: cpe:2.3:a:apache:tomcat:7.0.9:*, cpe:2.3:a:apache:tomcat:7.0.8:*, cpe:2.3:a:apache:tomcat:7.0.7:*, cpe:2.3:a:apac…
Update date: 2024-11-21 10:25
Published date: 2012-01-15