Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Apache Tomcat Number Of NVD 240 CRITICAL 16 HIGH 74 MEDIUM 133 LOW 15
URL http://tomcat.apache.org/
Explanation ApacheTomcat is a web container (servlet container, servlet engine) for running Java Servlets and Java Server Pages (JSP).
It was previously developed by the Jakarta project.
It can also be used as a web server for static content delivery.
It has been adopted by many companies that require large scale and stable systems.
Tag
  • Apache License v2.0
  • オープンソース

Add Information URL
No Type Name URL
1 http://tomcat.apache.org/security.html
2 http://tomcat.apache.org/whichversion.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
151 Apache Tomcat 11.0 11.0.14 June 22, 2026 Feb. 23, 2023 10 15 9 1
152 Apache Tomcat 10.1 10.1.49 Nov. 10, 2025 Sept. 26, 2022 10 21 10 2
153 Apache Tomcat 9.0 9.0.118 May 10, 2026 Jan. 22, 2018 16 54 30 2
154 Apache Tomcat 8.5 8.5.100 March 25, 2024 June 13, 2016 12 46 26 2
155 Apache Tomcat 8 8.0.53 June 29, 2018 June 25, 2014 June 30, 2018 6 21 22 0
156 Apache Tomcat 7 7.0.109 April 22, 2021 June 29, 2010 March 31, 2021 10 35 59 6
157 Apache Tomcat 6 6.0.53 April 2, 2017 Dec. 1, 2006 Dec. 31, 2016 4 16 63 5
158 Apache Tomcat 5.5 5.5.9 0 0 0 0
159 Apache Tomcat 5.0 5.0.9 0 0 0 0
160 Apache Tomcat 4.1 4.1.9 0 0 0 0
161 Apache Tomcat 4.0 4.0.6 0 0 0 0
162 Apache Tomcat 3.3 3.3.2 0 0 0 0
163 Apache Tomcat 3.2 3.2.4 0 0 0 0
164 Apache Tomcat 3.1 3.1.1 0 0 0 0
165 Apache Tomcat 3.0 3.0 0 0 0 0
166 Apache Tomcat 1.1 1.1.3 0 0 0 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
151 -
4.4
MEDIUM org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privi… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-3376 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:30
2011-11-12
Show GitHub Exploit DB Packet Storm
152 -
7.5
HIGH Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP reque… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-3190 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:29
2011-09-1
Show GitHub Exploit DB Packet Storm
153 -
5.0
MEDIUM native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-2729 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:28
2011-08-16
Show GitHub Exploit DB Packet Storm
154 -
4.6
MEDIUM Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3… NVD-CWE-Other
CVE-2011-2481 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:28
2011-08-16
Show GitHub Exploit DB Packet Storm
155 -
4.4
MEDIUM Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allow… CWE-20
 Improper Input Validation 
CVE-2011-2526 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:28
2011-07-15
Show GitHub Exploit DB Packet Storm
156 -
1.9
LOW Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creatio… CWE-200
Information Exposure
CVE-2011-2204 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:27
2011-06-30
Show GitHub Exploit DB Packet Storm
157 -
4.3
MEDIUM Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass … CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-1582 cpe:2.3:a:apache:tomcat:7.0.13:*
cpe:2.3:a:apache:tomcat:7.0.12:*
2024-11-21 10:26
2011-05-21
Show GitHub Exploit DB Packet Storm
158 -
5.0
MEDIUM The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circu… CWE-20
 Improper Input Validation 
CVE-2011-1475 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:26
2011-04-9
Show GitHub Exploit DB Packet Storm
159 -
5.8
MEDIUM Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-d… NVD-CWE-Other
CVE-2011-1183 cpe:2.3:a:apache:tomcat:7.0.11:* 2024-11-21 10:25
2011-04-9
Show GitHub Exploit DB Packet Storm
160 -
5.8
MEDIUM Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP r… NVD-CWE-Other
CVE-2011-1419 cpe:2.3:a:apache:tomcat:7.0.9:*
cpe:2.3:a:apache:tomcat:7.0.8:*
cpe:2.3:a:apache:tomcat:7.0.7:*
cpe:2.3:a:apac…
2024-11-21 10:26
2011-03-15
Show GitHub Exploit DB Packet Storm