Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Apache Tomcat Number Of NVD 240 CRITICAL 16 HIGH 74 MEDIUM 133 LOW 15
URL http://tomcat.apache.org/
Explanation ApacheTomcat is a web container (servlet container, servlet engine) for running Java Servlets and Java Server Pages (JSP).
It was previously developed by the Jakarta project.
It can also be used as a web server for static content delivery.
It has been adopted by many companies that require large scale and stable systems.
Tag
  • Apache License v2.0
  • オープンソース

Add Information URL
No Type Name URL
1 http://tomcat.apache.org/security.html
2 http://tomcat.apache.org/whichversion.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
141 Apache Tomcat 11.0 11.0.14 June 22, 2026 Feb. 23, 2023 10 15 9 1
142 Apache Tomcat 10.1 10.1.49 Nov. 10, 2025 Sept. 26, 2022 10 21 10 2
143 Apache Tomcat 9.0 9.0.118 May 10, 2026 Jan. 22, 2018 16 54 30 2
144 Apache Tomcat 8.5 8.5.100 March 25, 2024 June 13, 2016 12 46 26 2
145 Apache Tomcat 8 8.0.53 June 29, 2018 June 25, 2014 June 30, 2018 6 21 22 0
146 Apache Tomcat 7 7.0.109 April 22, 2021 June 29, 2010 March 31, 2021 10 35 59 6
147 Apache Tomcat 6 6.0.53 April 2, 2017 Dec. 1, 2006 Dec. 31, 2016 4 16 63 5
148 Apache Tomcat 5.5 5.5.9 0 0 0 0
149 Apache Tomcat 5.0 5.0.9 0 0 0 0
150 Apache Tomcat 4.1 4.1.9 0 0 0 0
151 Apache Tomcat 4.0 4.0.6 0 0 0 0
152 Apache Tomcat 3.3 3.3.2 0 0 0 0
153 Apache Tomcat 3.2 3.2.4 0 0 0 0
154 Apache Tomcat 3.1 3.1.1 0 0 0 0
155 Apache Tomcat 3.0 3.0 0 0 0 0
156 Apache Tomcat 1.1 1.1.3 0 0 0 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
141 -
5.0
MEDIUM The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session … CWE-287
Improper Authentication
CVE-2012-5886 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:45
2012-11-18
Show GitHub Exploit DB Packet Storm
142 -
5.0
MEDIUM The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka clien… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-5885 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:45
2012-11-18
Show GitHub Exploit DB Packet Storm
143 -
5.0
MEDIUM java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which … CWE-20
 Improper Input Validation 
CVE-2012-2733 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:39
2012-11-17
Show GitHub Exploit DB Packet Storm
144 -
5.0
MEDIUM Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consu… CWE-189
Numeric Errors
CVE-2012-0022 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:34
2012-01-19
Show GitHub Exploit DB Packet Storm
145 -
5.0
MEDIUM Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain uninten… CWE-200
Information Exposure
CVE-2011-3375 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:30
2012-01-19
Show GitHub Exploit DB Packet Storm
146 -
4.3
MEDIUM DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server … CWE-310
Cryptographic Issues
CVE-2011-5064 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:33
2012-01-15
Show GitHub Exploit DB Packet Storm
147 -
4.3
MEDIUM The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to … CWE-287
Improper Authentication
CVE-2011-5063 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:33
2012-01-15
Show GitHub Exploit DB Packet Storm
148 -
5.0
MEDIUM The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to by… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-5062 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:33
2012-01-15
Show GitHub Exploit DB Packet Storm
149 -
5.0
MEDIUM The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, … CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-1184 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:25
2012-01-15
Show GitHub Exploit DB Packet Storm
150 -
5.0
MEDIUM Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows rem… CWE-399
 Resource Management Errors
CVE-2011-4858 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:33
2012-01-6
Show GitHub Exploit DB Packet Storm