Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Apache Tomcat Number Of NVD 240 CRITICAL 16 HIGH 74 MEDIUM 133 LOW 15
URL http://tomcat.apache.org/
Explanation ApacheTomcat is a web container (servlet container, servlet engine) for running Java Servlets and Java Server Pages (JSP).
It was previously developed by the Jakarta project.
It can also be used as a web server for static content delivery.
It has been adopted by many companies that require large scale and stable systems.
Tag
  • オープンソース
  • Apache License v2.0

Add Information URL
No Type Name URL
1 http://tomcat.apache.org/security.html
2 http://tomcat.apache.org/whichversion.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
231 Apache Tomcat 11.0 11.0.14 June 22, 2026 Feb. 23, 2023 10 15 9 1
232 Apache Tomcat 10.1 10.1.49 Nov. 10, 2025 Sept. 26, 2022 10 21 10 2
233 Apache Tomcat 9.0 9.0.118 May 10, 2026 Jan. 22, 2018 16 54 30 2
234 Apache Tomcat 8.5 8.5.100 March 25, 2024 June 13, 2016 12 46 26 2
235 Apache Tomcat 8 8.0.53 June 29, 2018 June 25, 2014 June 30, 2018 6 21 22 0
236 Apache Tomcat 7 7.0.109 April 22, 2021 June 29, 2010 March 31, 2021 10 35 59 6
237 Apache Tomcat 6 6.0.53 April 2, 2017 Dec. 1, 2006 Dec. 31, 2016 4 16 63 5
238 Apache Tomcat 5.5 5.5.9 0 0 0 0
239 Apache Tomcat 5.0 5.0.9 0 0 0 0
240 Apache Tomcat 4.1 4.1.9 0 0 0 0
241 Apache Tomcat 4.0 4.0.6 0 0 0 0
242 Apache Tomcat 3.3 3.3.2 0 0 0 0
243 Apache Tomcat 3.2 3.2.4 0 0 0 0
244 Apache Tomcat 3.1 3.1.1 0 0 0 0
245 Apache Tomcat 3.0 3.0 0 0 0 0
246 Apache Tomcat 1.1 1.1.3 0 0 0 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
231 -
7.5
HIGH Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions. CWE-254
 7PK - Security Features
CVE-2002-0493 cpe:2.3:a:apache:tomcat:*:* 3.3.2 2023-11-7 10:55
2002-08-12
Show GitHub Exploit DB Packet Storm
232 -
7.5
HIGH Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script… NVD-CWE-Other
CVE-2002-0682 cpe:2.3:a:apache:tomcat:4.0.3:* 2023-11-7 10:55
2002-07-23
Show GitHub Exploit DB Packet Storm
233 -
5.0
MEDIUM Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp. NVD-CWE-Other
CVE-2000-1210 cpe:2.3:a:apache:tomcat:*:* 3.1 2016-10-18 11:09
2002-03-22
Show GitHub Exploit DB Packet Storm
234 -
7.5
HIGH Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether t… NVD-CWE-Other
CVE-2001-1563 cpe:2.3:a:apache:tomcat:3.2.1:* 2017-07-11 10:29
2001-12-31
Show GitHub Exploit DB Packet Storm
235 -
5.1
MEDIUM A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error mes… NVD-CWE-Other
CVE-2001-0829 cpe:2.3:a:apache:tomcat:3.2.1:* 2008-09-11 04:09
2001-12-6
Show GitHub Exploit DB Packet Storm
236 -
5.0
MEDIUM Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension. NVD-CWE-Other
CVE-2001-0917 cpe:2.3:a:apache:tomcat:4.0.1:* 2023-11-7 10:55
2001-11-22
Show GitHub Exploit DB Packet Storm
237 -
5.0
MEDIUM Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol… NVD-CWE-Other
CVE-2001-0590 cpe:2.3:a:apache:tomcat:*:* 3.2.2 2017-10-10 10:29
2001-08-2
Show GitHub Exploit DB Packet Storm
238 -
6.4
MEDIUM Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path. NVD-CWE-Other
CVE-2000-0759 cpe:2.3:a:apache:tomcat:3.1:* 2023-11-7 10:55
2000-10-20
Show GitHub Exploit DB Packet Storm
239 -
6.4
MEDIUM The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension. NVD-CWE-Other
CVE-2000-0760 cpe:2.3:a:apache:tomcat:3.1:*
cpe:2.3:a:apache:tomcat:3.0:*
2023-11-7 10:55
2000-10-20
Show GitHub Exploit DB Packet Storm
240 -
5.0
MEDIUM The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to ad… NVD-CWE-noinfo
CVE-2000-0672 cpe:2.3:a:apache:tomcat:3.1:*
cpe:2.3:a:apache:tomcat:3.0:*
2022-02-23 05:00
2000-07-20
Show GitHub Exploit DB Packet Storm