Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Apache Tomcat Number Of NVD 240 CRITICAL 16 HIGH 74 MEDIUM 133 LOW 15
URL http://tomcat.apache.org/
Explanation ApacheTomcat is a web container (servlet container, servlet engine) for running Java Servlets and Java Server Pages (JSP).
It was previously developed by the Jakarta project.
It can also be used as a web server for static content delivery.
It has been adopted by many companies that require large scale and stable systems.
Tag
  • Apache License v2.0
  • オープンソース

Add Information URL
No Type Name URL
1 http://tomcat.apache.org/security.html
2 http://tomcat.apache.org/whichversion.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
211 Apache Tomcat 11.0 11.0.14 June 22, 2026 Feb. 23, 2023 10 15 9 1
212 Apache Tomcat 10.1 10.1.49 Nov. 10, 2025 Sept. 26, 2022 10 21 10 2
213 Apache Tomcat 9.0 9.0.118 May 10, 2026 Jan. 22, 2018 16 54 30 2
214 Apache Tomcat 8.5 8.5.100 March 25, 2024 June 13, 2016 12 46 26 2
215 Apache Tomcat 8 8.0.53 June 29, 2018 June 25, 2014 June 30, 2018 6 21 22 0
216 Apache Tomcat 7 7.0.109 April 22, 2021 June 29, 2010 March 31, 2021 10 35 59 6
217 Apache Tomcat 6 6.0.53 April 2, 2017 Dec. 1, 2006 Dec. 31, 2016 4 16 63 5
218 Apache Tomcat 5.5 5.5.9 0 0 0 0
219 Apache Tomcat 5.0 5.0.9 0 0 0 0
220 Apache Tomcat 4.1 4.1.9 0 0 0 0
221 Apache Tomcat 4.0 4.0.6 0 0 0 0
222 Apache Tomcat 3.3 3.3.2 0 0 0 0
223 Apache Tomcat 3.2 3.2.4 0 0 0 0
224 Apache Tomcat 3.1 3.1.1 0 0 0 0
225 Apache Tomcat 3.0 3.0 0 0 0 0
226 Apache Tomcat 1.1 1.1.3 0 0 0 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
211 -
5.0
MEDIUM Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of fil… NVD-CWE-Other
CVE-2005-3510 cpe:2.3:a:apache:tomcat:5.5.9:*
cpe:2.3:a:apache:tomcat:5.5.8:*
cpe:2.3:a:apache:tomcat:5.5.7:*
cpe:2.3:a:apac…
2023-11-7 10:57
2005-11-6
Show GitHub Exploit DB Packet Storm
212 -
2.6
LOW The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken … CWE-200
Information Exposure
CVE-2005-3164 cpe:2.3:a:apache:tomcat:*:* 4.0.1
4.1.0
4.0.6
4.1.36


2023-11-7 10:57
2005-10-6
Show GitHub Exploit DB Packet Storm
213 -
4.3
MEDIUM Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP requ… NVD-CWE-Other
CVE-2005-2090 cpe:2.3:a:apache:tomcat:5.0.19:*
cpe:2.3:a:apache:tomcat:4.1.24:*
2023-11-7 10:57
2005-07-5
Show GitHub Exploit DB Packet Storm
214 -
5.0
MEDIUM Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. NVD-CWE-Other
CVE-2005-0808 cpe:2.3:a:apache:tomcat:3.3:*
cpe:2.3:a:apache:tomcat:3.3.1a:*
cpe:2.3:a:apache:tomcat:3.3.1:*
cpe:2.3:a:apach…
2017-07-11 10:32
2005-05-2
Show GitHub Exploit DB Packet Storm
215 -
5.0
MEDIUM The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, whi… NVD-CWE-Other
CVE-2003-0866 cpe:2.3:a:apache:tomcat:4.0.6:*
cpe:2.3:a:apache:tomcat:4.0.5:*
cpe:2.3:a:apache:tomcat:4.0.4:*
cpe:2.3:a:apac…
2023-11-7 10:56
2003-11-17
Show GitHub Exploit DB Packet Storm
216 -
6.8
MEDIUM Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp… NVD-CWE-Other
CVE-2002-1567 cpe:2.3:a:apache:tomcat:4.1.0:* 2023-11-7 10:56
2003-10-6
Show GitHub Exploit DB Packet Storm
217 -
5.0
MEDIUM Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a J… NVD-CWE-Other
CVE-2003-0042 cpe:2.3:a:apache:tomcat:3.3:*
cpe:2.3:a:apache:tomcat:3.3.1:*
cpe:2.3:a:apache:tomcat:3.2:*
cpe:2.3:a:apache:t…
2017-07-11 10:29
2003-02-7
Show GitHub Exploit DB Packet Storm
218 -
5.0
MEDIUM Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through … NVD-CWE-Other
CVE-2003-0043 cpe:2.3:a:apache:tomcat:3.3:*
cpe:2.3:a:apache:tomcat:3.3.1:*
cpe:2.3:a:apache:tomcat:3.2:*
cpe:2.3:a:apache:t…
2017-10-10 10:30
2003-02-7
Show GitHub Exploit DB Packet Storm
219 -
6.8
MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HT… NVD-CWE-Other
CVE-2003-0044 cpe:2.3:a:apache:tomcat:3.3:*
cpe:2.3:a:apache:tomcat:3.3.1a:*
cpe:2.3:a:apache:tomcat:3.3.1:*
cpe:2.3:a:apach…
2017-07-11 10:29
2003-02-7
Show GitHub Exploit DB Packet Storm
220 -
5.0
MEDIUM Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DO… NVD-CWE-Other
CVE-2003-0045 cpe:2.3:a:apache:tomcat:3.3:*
cpe:2.3:a:apache:tomcat:3.3.1:*
cpe:2.3:a:apache:tomcat:3.2:*
cpe:2.3:a:apache:t…
2017-10-10 10:30
2003-02-7
Show GitHub Exploit DB Packet Storm