Software Detail
Apache Tomcat
Number Of NVD: 231 (CRITICAL 12, HIGH 72, MEDIUM 130, LOW 15)
URL http://tomcat.apache.org/
Explanation Apache Tomcat is a web container (servlet container, servlet engine) for running Java Servlets and JavaServer Pages (JSP).
It was previously developed by the Jakarta project.
It can also be used as a web server for static content delivery.
It has been adopted by many companies that require large scale and stable systems.
Tag
  • Apache License v2.0
  • Open source

Add Information URL
No Type Name URL
1 http://tomcat.apache.org/security.html
2 http://tomcat.apache.org/whichversion.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
161 Apache Tomcat 11.0 11.0.14 Nov. 10, 2025 Feb. 23, 2023 6 13 6 1
162 Apache Tomcat 10.1 10.1.49 Nov. 10, 2025 Sept. 26, 2022 6 19 7 2
163 Apache Tomcat 10.0 10.0.27 Oct. 10, 2022 Dec. 8, 2020 1 15 4 1
164 Apache Tomcat 9.0 9.0.118 May 10, 2026 Jan. 22, 2018 12 52 27 2
165 Apache Tomcat 8.5 8.5.100 March 25, 2024 June 13, 2016 9 44 23 2
166 Apache Tomcat 8 8.0.53 June 29, 2018 June 25, 2014 June 30, 2018 4 20 20 0
167 Apache Tomcat 7 7.0.109 April 22, 2021 June 29, 2010 March 31, 2021 7 34 56 6
168 Apache Tomcat 6 6.0.53 April 2, 2017 Dec. 1, 2006 Dec. 31, 2016 2 15 60 5
169 Apache Tomcat 5.5 5.5.9 0 0 0 0
170 Apache Tomcat 5.0 5.0.9 0 0 0 0
171 Apache Tomcat 4.1 4.1.9 0 0 0 0
172 Apache Tomcat 4.0 4.0.6 0 0 0 0
173 Apache Tomcat 3.3 3.3.2 0 0 0 0
174 Apache Tomcat 3.2 3.2.4 0 0 0 0
175 Apache Tomcat 3.1 3.1.1 0 0 0 0
176 Apache Tomcat 3.0 3.0 0 0 0 0
177 Apache Tomcat 1.1 1.1.3 0 0 0 0
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
161 -
4.3
MEDIUM Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR file… CWE-22
Path Traversal
CVE-2009-2902 cpe:2.3:a:apache:tomcat:6.0:*
cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache…
2023-02-13 10:17
2010-01-29
162 -
4.3
MEDIUM The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remo… CWE-264
Permissions, Privileges, and Access Controls
CVE-2009-2901 cpe:2.3:a:apache:tomcat:6.0:*
cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache…
2023-02-13 11:20
2010-01-29
163 -
5.8
MEDIUM Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR… CWE-22
Path Traversal
CVE-2009-2693 cpe:2.3:a:apache:tomcat:6.0:*
cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache…
2023-11-07 11:04
2010-01-29
164 -
7.5
HIGH The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attack… CWE-255
Credentials Management
CVE-2009-3548 cpe:2.3:a:apache:tomcat:6.0:*
cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache…
2026-04-23 09:35
2009-11-13
165 -
5.0
MEDIUM Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDi… CWE-22
Path Traversal
CVE-2008-5515 cpe:2.3:a:apache:tomcat:6.0:*
cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.7:*
cpe:2.3:a:apache…
2026-04-23 09:35
2009-06-17
166 4.2
4.6
MEDIUM
Local
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read … CWE-200
Information Exposure
CVE-2009-0783 cpe:2.3:a:apache:tomcat:*:*
or higher: 4.1.0, 5.5.0, 6.0.0
or less: 4.1.39, 5.5.27, 6.0.18
2026-04-23 09:35
2009-06-06
167 -
4.3
MEDIUM Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_… CWE-200
Information Exposure
CVE-2009-0580 cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache:tomcat:6.0.7:*
cpe:2.3:a:apac…
2026-04-23 09:35
2009-06-06
168 -
5.0
MEDIUM Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of servic… CWE-20
Improper Input Validation
CVE-2009-0033 cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache:tomcat:6.0.7:*
cpe:2.3:a:apac…
2026-04-23 09:35
2009-06-06
169 -
2.6
LOW The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstance… CWE-200
Information Exposure
CVE-2008-5519 cpe:2.3:a:apache:tomcat:5.5.9:*
cpe:2.3:a:apache:tomcat:5.5.8:*
cpe:2.3:a:apache:tomcat:5.5.7:*
cpe:2.3:a:apac…
2026-04-23 09:35
2009-04-10
170 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through… CWE-79
Cross-site Scripting
CVE-2009-0781 cpe:2.3:a:apache:tomcat:6.0:*
cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache…
2026-04-23 09:35
2009-03-10