Software Detail
Apache Tomcat
Number Of NVD: 231 (CRITICAL 12, HIGH 72, MEDIUM 130, LOW 15)
URL http://tomcat.apache.org/
Explanation Apache Tomcat is a web container (servlet container, servlet engine) for running Java Servlets and JavaServer Pages (JSP).
It was previously developed by the Jakarta project.
It can also be used as a web server for static content delivery.
It has been adopted by many companies that require large scale and stable systems.
Tag
  • Apache License v2.0
  • Open source

Add Information URL
No Type Name URL
1 http://tomcat.apache.org/security.html
2 http://tomcat.apache.org/whichversion.html

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support / Service Pack Support | Extended for a fee | Critical | High | Medium | Low
181 Apache Tomcat 11.0 11.0.14 Nov. 10, 2025 Feb. 23, 2023 6 13 6 1
182 Apache Tomcat 10.1 10.1.49 Nov. 10, 2025 Sept. 26, 2022 6 19 7 2
183 Apache Tomcat 10.0 10.0.27 Oct. 10, 2022 Dec. 8, 2020 1 15 4 1
184 Apache Tomcat 9.0 9.0.118 May 10, 2026 Jan. 22, 2018 12 52 27 2
185 Apache Tomcat 8.5 8.5.100 March 25, 2024 June 13, 2016 9 44 23 2
186 Apache Tomcat 8 8.0.53 June 29, 2018 June 25, 2014 June 30, 2018 4 20 20 0
187 Apache Tomcat 7 7.0.109 April 22, 2021 June 29, 2010 March 31, 2021 7 34 56 6
188 Apache Tomcat 6 6.0.53 April 2, 2017 Dec. 1, 2006 Dec. 31, 2016 2 15 60 5
189 Apache Tomcat 5.5 5.5.9 0 0 0 0
190 Apache Tomcat 5.0 5.0.9 0 0 0 0
191 Apache Tomcat 4.1 4.1.9 0 0 0 0
192 Apache Tomcat 4.0 4.0.6 0 0 0 0
193 Apache Tomcat 3.3 3.3.2 0 0 0 0
194 Apache Tomcat 3.2 3.2.4 0 0 0 0
195 Apache Tomcat 3.1 3.1.1 0 0 0 0
196 Apache Tomcat 3.0 3.0 0 0 0 0
197 Apache Tomcat 1.1 1.1.3 0 0 0 0
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date | Published date | Show Affected | Exploit PoC Search
181 -
6.4
MEDIUM The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attac… CWE-264
Permissions, Privileges, and Access Controls
CVE-2007-5342 cpe:2.3:a:apache:tomcat:6.0:*
cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache…
2026-04-23 09:35
2007-12-28
182 -
3.5
LOW Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated use… CWE-22
Path Traversal
CVE-2007-5461 cpe:2.3:a:apache:tomcat:4.1.9:*
cpe:2.3:a:apache:tomcat:4.1.8:*
cpe:2.3:a:apache:tomcat:4.1.7:*
cpe:2.3:a:apac…
2026-04-23 09:35
2007-10-16
183 -
4.3
MEDIUM Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and desc… CWE-352
 Origin Validation Error
CVE-2007-4724 cpe:2.3:a:apache:tomcat:4.1.31:* 2026-04-23 09:35
2007-09-6
184 -
4.3
MEDIUM Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as… CWE-200
Information Exposure
CVE-2007-3382 cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache:tomcat:6.0.7:*
cpe:2.3:a:apac…
2026-04-23 09:35
2007-08-15
185 -
4.3
MEDIUM Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive in… CWE-200
Information Exposure
CVE-2007-3385 cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache:tomcat:6.0.7:*
cpe:2.3:a:apac…
2026-04-23 09:35
2007-08-15
186 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted … CWE-79
Cross-site Scripting
CVE-2007-3386 cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache:tomcat:6.0.7:*
cpe:2.3:a:apac…
2026-04-23 09:35
2007-08-15
187 -
4.3
MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name… NVD-CWE-Other
CVE-2007-3384 cpe:2.3:a:apache:tomcat:3.3:*
cpe:2.3:a:apache:tomcat:3.3.2:*
cpe:2.3:a:apache:tomcat:3.3.1a:*
cpe:2.3:a:apach…
2026-04-23 09:35
2007-08-8
188 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remot… NVD-CWE-Other
CVE-2007-3383 cpe:2.3:a:apache:tomcat:4.1.3:*
cpe:2.3:a:apache:tomcat:4.1.36:*
cpe:2.3:a:apache:tomcat:4.1.31:*
cpe:2.3:a:ap…
2026-04-23 09:35
2007-07-26
189 -
4.3
MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 throug… NVD-CWE-Other
CVE-2007-2449 cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache:tomcat:6.0.7:*
cpe:2.3:a:apache:tomcat:6.0.6:*
cpe:2.3:a:apac…
4.1.36 2026-04-23 09:35
2007-06-15
190 -
3.5
LOW Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 th… CWE-79
Cross-site Scripting
CVE-2007-2450 cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache:tomcat:6.0.7:*
cpe:2.3:a:apac…
2026-04-23 09:35
2007-06-15