Software Detail
Apache Tomcat
Number Of NVD: 231 (CRITICAL 12, HIGH 72, MEDIUM 130, LOW 15)
URL http://tomcat.apache.org/
Explanation Apache Tomcat is a web container (servlet container, servlet engine) for running Java Servlets and JavaServer Pages (JSP).
It was previously developed by the Jakarta project.
It can also be used as a web server for static content delivery.
It has been adopted by many companies that require large scale and stable systems.
Tag
  • Apache License v2.0
  • Open source

Add Information URL
No Type Name URL
1 http://tomcat.apache.org/security.html
2 http://tomcat.apache.org/whichversion.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended (for a fee) Critical High Medium Low
211 Apache Tomcat 11.0 11.0.14 Nov. 10, 2025 Feb. 23, 2023 6 13 6 1
212 Apache Tomcat 10.1 10.1.49 Nov. 10, 2025 Sept. 26, 2022 6 19 7 2
213 Apache Tomcat 10.0 10.0.27 Oct. 10, 2022 Dec. 8, 2020 1 15 4 1
214 Apache Tomcat 9.0 9.0.118 May 10, 2026 Jan. 22, 2018 12 52 27 2
215 Apache Tomcat 8.5 8.5.100 March 25, 2024 June 13, 2016 9 44 23 2
216 Apache Tomcat 8 8.0.53 June 29, 2018 June 25, 2014 June 30, 2018 4 20 20 0
217 Apache Tomcat 7 7.0.109 April 22, 2021 June 29, 2010 March 31, 2021 7 34 56 6
218 Apache Tomcat 6 6.0.53 April 2, 2017 Dec. 1, 2006 Dec. 31, 2016 2 15 60 5
219 Apache Tomcat 5.5 5.5.9 0 0 0 0
220 Apache Tomcat 5.0 5.0.9 0 0 0 0
221 Apache Tomcat 4.1 4.1.9 0 0 0 0
222 Apache Tomcat 4.0 4.0.6 0 0 0 0
223 Apache Tomcat 3.3 3.3.2 0 0 0 0
224 Apache Tomcat 3.2 3.2.4 0 0 0 0
225 Apache Tomcat 3.1 3.1.1 0 0 0 0
226 Apache Tomcat 3.0 3.0 0 0 0 0
227 Apache Tomcat 1.1 1.1.3 0 0 0 0
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri Update date Published date
211 -
5.0
MEDIUM Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DO… NVD-CWE-Other
CVE-2003-0045 cpe:2.3:a:apache:tomcat:3.3:*
cpe:2.3:a:apache:tomcat:3.3.1:*
cpe:2.3:a:apache:tomcat:3.2:*
cpe:2.3:a:apache:t…
2017-10-10 10:30
2003-02-7
212 -
7.5
HIGH Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of … NVD-CWE-Other
CVE-2002-1394 cpe:2.3:a:apache:tomcat:4.1.9:beta
cpe:2.3:a:apache:tomcat:4.1.3:beta
cpe:2.3:a:apache:tomcat:4.1.10:*
cpe:2.3…
2023-11-7 10:56
2003-01-17
213 -
5.0
MEDIUM The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for… NVD-CWE-Other
CVE-2002-2007 cpe:2.3:a:apache:tomcat:3.2.4:*
cpe:2.3:a:apache:tomcat:3.2.3:*
2008-09-6 05:32
2002-12-31
214 -
7.8
HIGH Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a … CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2002-2272 cpe:2.3:a:apache:tomcat:4.1.9:beta
cpe:2.3:a:apache:tomcat:4.1.3:beta
cpe:2.3:a:apache:tomcat:4.1.3:*
cpe:2.3:…
2017-07-29 10:29
2002-12-31
215 -
5.0
MEDIUM The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET request… NVD-CWE-Other
CVE-2002-1895 cpe:2.3:a:apache:tomcat:4.0.4:*
cpe:2.3:a:apache:tomcat:3.3:*
2023-11-7 10:56
2002-12-31
216 -
5.0
MEDIUM The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet… NVD-CWE-Other
CVE-2002-2006 cpe:2.3:a:apache:tomcat:4.1.0:*
cpe:2.3:a:apache:tomcat:4.0.3:*
cpe:2.3:a:apache:tomcat:4.0.2:*
cpe:2.3:a:apac…
2023-11-7 10:56
2002-12-31
217 -
5.0
MEDIUM Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error messa… NVD-CWE-Other
CVE-2002-2008 cpe:2.3:a:apache:tomcat:4.0.3:* 2023-11-7 10:56
2002-12-31
218 -
5.0
MEDIUM Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message. NVD-CWE-Other
CVE-2002-2009 cpe:2.3:a:apache:tomcat:4.0.1:* 2023-11-7 10:56
2002-12-31
219 -
5.0
MEDIUM The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servl… NVD-CWE-Other
CVE-2002-1148 cpe:2.3:a:apache:tomcat:4.1.9:beta
cpe:2.3:a:apache:tomcat:4.1.3:beta
cpe:2.3:a:apache:tomcat:4.1.10:*
cpe:2.3…
2023-11-7 10:55
2002-10-11
220 -
5.0
MEDIUM Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null c… NVD-CWE-Other
CVE-2002-0935 cpe:2.3:a:apache:tomcat:4.0.3:* 2023-11-7 10:55
2002-10-4