Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Apache Tomcat Number Of NVD 240 CRITICAL 16 HIGH 74 MEDIUM 133 LOW 15
URL http://tomcat.apache.org/
Explanation ApacheTomcat is a web container (servlet container, servlet engine) for running Java Servlets and Java Server Pages (JSP).
It was previously developed by the Jakarta project.
It can also be used as a web server for static content delivery.
It has been adopted by many companies that require large scale and stable systems.
Tag
  • Apache License v2.0
  • オープンソース

Add Information URL
No Type Name URL
1 http://tomcat.apache.org/security.html
2 http://tomcat.apache.org/whichversion.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
191 Apache Tomcat 11.0 11.0.14 June 22, 2026 Feb. 23, 2023 10 15 9 1
192 Apache Tomcat 10.1 10.1.49 Nov. 10, 2025 Sept. 26, 2022 10 21 10 2
193 Apache Tomcat 9.0 9.0.118 May 10, 2026 Jan. 22, 2018 16 54 30 2
194 Apache Tomcat 8.5 8.5.100 March 25, 2024 June 13, 2016 12 46 26 2
195 Apache Tomcat 8 8.0.53 June 29, 2018 June 25, 2014 June 30, 2018 6 21 22 0
196 Apache Tomcat 7 7.0.109 April 22, 2021 June 29, 2010 March 31, 2021 10 35 59 6
197 Apache Tomcat 6 6.0.53 April 2, 2017 Dec. 1, 2006 Dec. 31, 2016 4 16 63 5
198 Apache Tomcat 5.5 5.5.9 0 0 0 0
199 Apache Tomcat 5.0 5.0.9 0 0 0 0
200 Apache Tomcat 4.1 4.1.9 0 0 0 0
201 Apache Tomcat 4.0 4.0.6 0 0 0 0
202 Apache Tomcat 3.3 3.3.2 0 0 0 0
203 Apache Tomcat 3.2 3.2.4 0 0 0 0
204 Apache Tomcat 3.1 3.1.1 0 0 0 0
205 Apache Tomcat 3.0 3.0 0 0 0 0
206 Apache Tomcat 1.1 1.1.3 0 0 0 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
191 -
3.5
LOW Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated use… CWE-22
Path Traversal
CVE-2007-5461 cpe:2.3:a:apache:tomcat:4.1.9:*
cpe:2.3:a:apache:tomcat:4.1.8:*
cpe:2.3:a:apache:tomcat:4.1.7:*
cpe:2.3:a:apac…
2026-04-23 09:35
2007-10-16
Show GitHub Exploit DB Packet Storm
192 -
4.3
MEDIUM Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and desc… CWE-352
 Origin Validation Error
CVE-2007-4724 cpe:2.3:a:apache:tomcat:4.1.31:* 2026-04-23 09:35
2007-09-6
Show GitHub Exploit DB Packet Storm
193 -
4.3
MEDIUM Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as… CWE-200
Information Exposure
CVE-2007-3382 cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache:tomcat:6.0.7:*
cpe:2.3:a:apac…
2026-04-23 09:35
2007-08-15
Show GitHub Exploit DB Packet Storm
194 -
4.3
MEDIUM Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive in… CWE-200
Information Exposure
CVE-2007-3385 cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache:tomcat:6.0.7:*
cpe:2.3:a:apac…
2026-04-23 09:35
2007-08-15
Show GitHub Exploit DB Packet Storm
195 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted … CWE-79
Cross-site Scripting
CVE-2007-3386 cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache:tomcat:6.0.7:*
cpe:2.3:a:apac…
2026-04-23 09:35
2007-08-15
Show GitHub Exploit DB Packet Storm
196 -
4.3
MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name… NVD-CWE-Other
CVE-2007-3384 cpe:2.3:a:apache:tomcat:3.3:*
cpe:2.3:a:apache:tomcat:3.3.2:*
cpe:2.3:a:apache:tomcat:3.3.1a:*
cpe:2.3:a:apach…
2026-04-23 09:35
2007-08-8
Show GitHub Exploit DB Packet Storm
197 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remot… NVD-CWE-Other
CVE-2007-3383 cpe:2.3:a:apache:tomcat:4.1.3:*
cpe:2.3:a:apache:tomcat:4.1.36:*
cpe:2.3:a:apache:tomcat:4.1.31:*
cpe:2.3:a:ap…
2026-04-23 09:35
2007-07-26
Show GitHub Exploit DB Packet Storm
198 -
4.3
MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 throug… NVD-CWE-Other
CVE-2007-2449 cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache:tomcat:6.0.7:*
cpe:2.3:a:apache:tomcat:6.0.6:*
cpe:2.3:a:apac…
4.1.36 2026-04-23 09:35
2007-06-15
Show GitHub Exploit DB Packet Storm
199 -
3.5
LOW Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 th… CWE-79
Cross-site Scripting
CVE-2007-2450 cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache:tomcat:6.0.7:*
cpe:2.3:a:apac…
2026-04-23 09:35
2007-06-15
Show GitHub Exploit DB Packet Storm
200 -
4.3
MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5… NVD-CWE-Other
CVE-2007-1355 cpe:2.3:a:apache:tomcat:6.0.9:*
cpe:2.3:a:apache:tomcat:6.0.8:*
cpe:2.3:a:apache:tomcat:6.0.7:*
cpe:2.3:a:apac…
2026-04-23 09:35
2007-05-22
Show GitHub Exploit DB Packet Storm