Software Detail
Apache Tomcat
Number of NVD entries: 231 (CRITICAL 12, HIGH 72, MEDIUM 130, LOW 15)
URL: http://tomcat.apache.org/
Explanation: Apache Tomcat is a web container (servlet container, servlet engine) for running Java Servlets and JavaServer Pages (JSP). It was previously developed by the Jakarta project. It can also be used as a web server for static content delivery. It has been adopted by many companies that require large-scale, stable systems.
Tag
  • Apache License v2.0
  • Open source

Additional Information URL
No Type Name URL
1 http://tomcat.apache.org/security.html
2 http://tomcat.apache.org/whichversion.html

List of Products
Columns: No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support, Service Pack Support, Extended for a fee, Critical, High, Medium, Low
201 Apache Tomcat 11.0 11.0.14 Nov. 10, 2025 Feb. 23, 2023 6 13 6 1
202 Apache Tomcat 10.1 10.1.49 Nov. 10, 2025 Sept. 26, 2022 6 19 7 2
203 Apache Tomcat 10.0 10.0.27 Oct. 10, 2022 Dec. 8, 2020 1 15 4 1
204 Apache Tomcat 9.0 9.0.118 May 10, 2026 Jan. 22, 2018 12 52 27 2
205 Apache Tomcat 8.5 8.5.100 March 25, 2024 June 13, 2016 9 44 23 2
206 Apache Tomcat 8 8.0.53 June 29, 2018 June 25, 2014 June 30, 2018 4 20 20 0
207 Apache Tomcat 7 7.0.109 April 22, 2021 June 29, 2010 March 31, 2021 7 34 56 6
208 Apache Tomcat 6 6.0.53 April 2, 2017 Dec. 1, 2006 Dec. 31, 2016 2 15 60 5
209 Apache Tomcat 5.5 5.5.9 0 0 0 0
210 Apache Tomcat 5.0 5.0.9 0 0 0 0
211 Apache Tomcat 4.1 4.1.9 0 0 0 0
212 Apache Tomcat 4.0 4.0.6 0 0 0 0
213 Apache Tomcat 3.3 3.3.2 0 0 0 0
214 Apache Tomcat 3.2 3.2.4 0 0 0 0
215 Apache Tomcat 3.1 3.1.1 0 0 0 0
216 Apache Tomcat 3.0 3.0 0 0 0 0
217 Apache Tomcat 1.1 1.1.3 0 0 0 0
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (version bounds: or higher, or less, more than, less than), Update date, Published date
201. CVE-2005-4838 (CVSS3: -, CVSS2: 4.3, MEDIUM)
Title: Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/funct…
CWE: CWE-79 (Cross-site Scripting)
cpe23Uri: cpe:2.3:a:apache:tomcat:*:* (version bound: 5.5.6)
Update date: 2023-11-7 10:58; Published date: 2005-12-31
202. CVE-2005-3510 (CVSS3: -, CVSS2: 5.0, MEDIUM)
Title: Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of fil…
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:a:apache:tomcat:5.5.9:*, cpe:2.3:a:apache:tomcat:5.5.8:*, cpe:2.3:a:apache:tomcat:5.5.7:*, cpe:2.3:a:apac…
Update date: 2023-11-7 10:57; Published date: 2005-11-6
203. CVE-2005-3164 (CVSS3: -, CVSS2: 2.6, LOW)
Title: The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken …
CWE: CWE-200 (Information Exposure)
cpe23Uri: cpe:2.3:a:apache:tomcat:*:* (version bounds: 4.0.1, 4.1.0, 4.0.6, 4.1.36)
Update date: 2023-11-7 10:57; Published date: 2005-10-6
204. CVE-2005-2090 (CVSS3: -, CVSS2: 4.3, MEDIUM)
Title: Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP requ…
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:a:apache:tomcat:5.0.19:*, cpe:2.3:a:apache:tomcat:4.1.24:*
Update date: 2023-11-7 10:57; Published date: 2005-07-5
205. CVE-2005-0808 (CVSS3: -, CVSS2: 5.0, MEDIUM)
Title: Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:a:apache:tomcat:3.3:*, cpe:2.3:a:apache:tomcat:3.3.1a:*, cpe:2.3:a:apache:tomcat:3.3.1:*, cpe:2.3:a:apach…
Update date: 2017-07-11 10:32; Published date: 2005-05-2
206. CVE-2003-0866 (CVSS3: -, CVSS2: 5.0, MEDIUM)
Title: The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, whi…
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:a:apache:tomcat:4.0.6:*, cpe:2.3:a:apache:tomcat:4.0.5:*, cpe:2.3:a:apache:tomcat:4.0.4:*, cpe:2.3:a:apac…
Update date: 2023-11-7 10:56; Published date: 2003-11-17
207. CVE-2002-1567 (CVSS3: -, CVSS2: 6.8, MEDIUM)
Title: Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp…
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:a:apache:tomcat:4.1.0:*
Update date: 2023-11-7 10:56; Published date: 2003-10-6
208. CVE-2003-0042 (CVSS3: -, CVSS2: 5.0, MEDIUM)
Title: Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a J…
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:a:apache:tomcat:3.3:*, cpe:2.3:a:apache:tomcat:3.3.1:*, cpe:2.3:a:apache:tomcat:3.2:*, cpe:2.3:a:apache:t…
Update date: 2017-07-11 10:29; Published date: 2003-02-7
209. CVE-2003-0043 (CVSS3: -, CVSS2: 5.0, MEDIUM)
Title: Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through …
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:a:apache:tomcat:3.3:*, cpe:2.3:a:apache:tomcat:3.3.1:*, cpe:2.3:a:apache:tomcat:3.2:*, cpe:2.3:a:apache:t…
Update date: 2017-10-10 10:30; Published date: 2003-02-7
210. CVE-2003-0044 (CVSS3: -, CVSS2: 6.8, MEDIUM)
Title: Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HT…
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:a:apache:tomcat:3.3:*, cpe:2.3:a:apache:tomcat:3.3.1a:*, cpe:2.3:a:apache:tomcat:3.3.1:*, cpe:2.3:a:apach…
Update date: 2017-07-11 10:29; Published date: 2003-02-7