Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Apache Tomcat Number Of NVD 240 CRITICAL 16 HIGH 74 MEDIUM 133 LOW 15
URL http://tomcat.apache.org/
Explanation ApacheTomcat is a web container (servlet container, servlet engine) for running Java Servlets and Java Server Pages (JSP).
It was previously developed by the Jakarta project.
It can also be used as a web server for static content delivery.
It has been adopted by many companies that require large scale and stable systems.
Tag
  • Apache License v2.0
  • オープンソース

Add Information URL
No Type Name URL
1 http://tomcat.apache.org/security.html
2 http://tomcat.apache.org/whichversion.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
171 Apache Tomcat 11.0 11.0.14 June 22, 2026 Feb. 23, 2023 10 15 9 1
172 Apache Tomcat 10.1 10.1.49 Nov. 10, 2025 Sept. 26, 2022 10 21 10 2
173 Apache Tomcat 9.0 9.0.118 May 10, 2026 Jan. 22, 2018 16 54 30 2
174 Apache Tomcat 8.5 8.5.100 March 25, 2024 June 13, 2016 12 46 26 2
175 Apache Tomcat 8 8.0.53 June 29, 2018 June 25, 2014 June 30, 2018 6 21 22 0
176 Apache Tomcat 7 7.0.109 April 22, 2021 June 29, 2010 March 31, 2021 10 35 59 6
177 Apache Tomcat 6 6.0.53 April 2, 2017 Dec. 1, 2006 Dec. 31, 2016 4 16 63 5
178 Apache Tomcat 5.5 5.5.9 0 0 0 0
179 Apache Tomcat 5.0 5.0.9 0 0 0 0
180 Apache Tomcat 4.1 4.1.9 0 0 0 0
181 Apache Tomcat 4.0 4.0.6 0 0 0 0
182 Apache Tomcat 3.3 3.3.2 0 0 0 0
183 Apache Tomcat 3.2 3.2.4 0 0 0 0
184 Apache Tomcat 3.1 3.1.1 0 0 0 0
185 Apache Tomcat 3.0 3.0 0 0 0 0
186 Apache Tomcat 1.1 1.1.3 0 0 0 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
171 -
4.3
MEDIUM The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remo… CWE-264
Permissions, Privileges, and Access Controls
CVE-2009-2901 cpe:2.3:a:apache:tomcat:6.0:*
cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache…
2023-02-13 11:20
2010-01-29
Show GitHub Exploit DB Packet Storm
172 -
5.8
MEDIUM Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR… CWE-22
Path Traversal
CVE-2009-2693 cpe:2.3:a:apache:tomcat:6.0:*
cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache…
2023-11-7 11:04
2010-01-29
Show GitHub Exploit DB Packet Storm
173 -
7.5
HIGH The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attack… CWE-255
Credentials Management
CVE-2009-3548 cpe:2.3:a:apache:tomcat:6.0:*
cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache…
2026-04-23 09:35
2009-11-13
Show GitHub Exploit DB Packet Storm
174 -
5.0
MEDIUM Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDi… CWE-22
Path Traversal
CVE-2008-5515 cpe:2.3:a:apache:tomcat:6.0:*
cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.7:*
cpe:2.3:a:apache…
2026-04-23 09:35
2009-06-17
Show GitHub Exploit DB Packet Storm
175 4.2
4.6
MEDIUM
Local
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read … CWE-200
Information Exposure
CVE-2009-0783 cpe:2.3:a:apache:tomcat:*:* 4.1.0
5.5.0
6.0.0
4.1.39
5.5.27
6.0.18




2026-04-23 09:35
2009-06-6
Show GitHub Exploit DB Packet Storm
176 -
4.3
MEDIUM Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_… CWE-200
Information Exposure
CVE-2009-0580 cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache:tomcat:6.0.7:*
cpe:2.3:a:apac…
2026-04-23 09:35
2009-06-6
Show GitHub Exploit DB Packet Storm
177 -
5.0
MEDIUM Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of servic… CWE-20
 Improper Input Validation 
CVE-2009-0033 cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache:tomcat:6.0.7:*
cpe:2.3:a:apac…
2026-04-23 09:35
2009-06-6
Show GitHub Exploit DB Packet Storm
178 -
2.6
LOW The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstance… CWE-200
Information Exposure
CVE-2008-5519 cpe:2.3:a:apache:tomcat:5.5.9:*
cpe:2.3:a:apache:tomcat:5.5.8:*
cpe:2.3:a:apache:tomcat:5.5.7:*
cpe:2.3:a:apac…
2026-04-23 09:35
2009-04-10
Show GitHub Exploit DB Packet Storm
179 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through… CWE-79
Cross-site Scripting
CVE-2009-0781 cpe:2.3:a:apache:tomcat:6.0:*
cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache…
2026-04-23 09:35
2009-03-10
Show GitHub Exploit DB Packet Storm
180 -
2.6
LOW The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST co… CWE-200
Information Exposure
CVE-2008-4308 cpe:2.3:a:apache:tomcat:5.5.20:*
cpe:2.3:a:apache:tomcat:5.5.19:*
cpe:2.3:a:apache:tomcat:5.5.18:*
cpe:2.3:a:a…
2026-04-23 09:35
2009-02-27
Show GitHub Exploit DB Packet Storm