Software Detail
Apache Tomcat
Number Of NVD: 231 (CRITICAL 12, HIGH 72, MEDIUM 130, LOW 15)
URL: http://tomcat.apache.org/
Explanation: Apache Tomcat is a web container (servlet container, servlet engine) for running Java Servlets and JavaServer Pages (JSP). It was previously developed by the Jakarta project. It can also be used as a web server for static content delivery. It has been adopted by many companies that require large-scale, stable systems.
Tag
  • Apache License v2.0
  • Open source

Add Information URL
No Type Name URL
1 http://tomcat.apache.org/security.html
2 http://tomcat.apache.org/whichversion.html

List Of Product
Columns: No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support, Service Pack Support, Extended for a fee, Critical, High, Medium, Low
101 Apache Tomcat 11.0 11.0.14 Nov. 10, 2025 Feb. 23, 2023 6 13 6 1
102 Apache Tomcat 10.1 10.1.49 Nov. 10, 2025 Sept. 26, 2022 6 19 7 2
103 Apache Tomcat 10.0 10.0.27 Oct. 10, 2022 Dec. 8, 2020 1 15 4 1
104 Apache Tomcat 9.0 9.0.118 May 10, 2026 Jan. 22, 2018 12 52 27 2
105 Apache Tomcat 8.5 8.5.100 March 25, 2024 June 13, 2016 9 44 23 2
106 Apache Tomcat 8 8.0.53 June 29, 2018 June 25, 2014 June 30, 2018 4 20 20 0
107 Apache Tomcat 7 7.0.109 April 22, 2021 June 29, 2010 March 31, 2021 7 34 56 6
108 Apache Tomcat 6 6.0.53 April 2, 2017 Dec. 1, 2006 Dec. 31, 2016 2 15 60 5
109 Apache Tomcat 5.5 5.5.9 0 0 0 0
110 Apache Tomcat 5.0 5.0.9 0 0 0 0
111 Apache Tomcat 4.1 4.1.9 0 0 0 0
112 Apache Tomcat 4.0 4.0.6 0 0 0 0
113 Apache Tomcat 3.3 3.3.2 0 0 0 0
114 Apache Tomcat 3.2 3.2.4 0 0 0 0
115 Apache Tomcat 3.1 3.1.1 0 0 0 0
116 Apache Tomcat 3.0 3.0 0 0 0 0
117 Apache Tomcat 1.1 1.1.3 0 0 0 0
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, or higher, or less, more than, less than, Update date, Published date
No. 101
CVSS3: 4.3
CVSS2: 4.0
Level: MEDIUM
Attack Vector: Network
Title: Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/Restrict…
CWE: CWE-200 Information Exposure
CVE: CVE-2016-0706
cpe23Uri: cpe:2.3:a:apache:tomcat:9.0.0:milestone1, cpe:2.3:a:apache:tomcat:8.0.3:*, cpe:2.3:a:apache:tomcat:8.0.30:*, cpe:…
Update date: 2024-11-21 11:42
Published date: 2016-02-25

No. 102
CVSS3: 8.8
CVSS2: 6.8
Level: HIGH
Attack Vector: Network
Title: The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, wh…
CWE: CWE-352 Origin Validation Error
CVE: CVE-2015-5351
cpe23Uri: cpe:2.3:a:apache:tomcat:9.0.0:milestone1, cpe:2.3:a:apache:tomcat:8.0.3:*, cpe:2.3:a:apache:tomcat:8.0.30:*, cpe:…
Update date: 2024-11-21 11:32
Published date: 2016-02-25

No. 103
CVSS3: 8.1
CVSS2: 6.8
Level: HIGH
Attack Vector: Network
Title: Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the sam…
CWE: NVD-CWE-Other
CVE: CVE-2015-5346
cpe23Uri: cpe:2.3:a:apache:tomcat:9.0.0:milestone1, cpe:2.3:a:apache:tomcat:8.0.3:*, cpe:2.3:a:apache:tomcat:8.0.29:*, cpe:…
Update date: 2024-11-21 11:32
Published date: 2016-02-25

No. 104
CVSS3: 5.3
CVSS2: 5.0
Level: MEDIUM
Attack Vector: Network
Title: The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which a…
CWE: CWE-22 Path Traversal
CVE: CVE-2015-5345
cpe23Uri: cpe:2.3:a:apache:tomcat:9.0.0:milestone1, cpe:2.3:a:apache:tomcat:8.0.3:*, cpe:2.3:a:apache:tomcat:8.0.29:*, cpe:…
Update date: 2024-11-21 11:32
Published date: 2016-02-25

No. 105
CVSS3: 4.3
CVSS2: 4.0
Level: MEDIUM
Attack Vector: Network
Title: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager…
CWE: CWE-22 Path Traversal
CVE: CVE-2015-5174
cpe23Uri: cpe:2.3:a:apache:tomcat:8.0.26:*, cpe:2.3:a:apache:tomcat:8.0.24:*, cpe:2.3:a:apache:tomcat:8.0.23:*, cpe:2.3:a:a…
Update date: 2024-11-21 11:32
Published date: 2016-02-25

No. 106
CVSS3: 6.3
CVSS2: 6.5
Level: MEDIUM
Attack Vector: Network
Title: The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLink…
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2016-0763
cpe23Uri: cpe:2.3:a:apache:tomcat:9.0.0:milestone1, cpe:2.3:a:apache:tomcat:8.0.3:*, cpe:2.3:a:apache:tomcat:8.0.30:*, cpe:…
Update date: 2024-11-21 11:42
Published date: 2016-02-25

No. 107
CVSS3: -
CVSS2: 5.0
Level: MEDIUM
Title: The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemen…
CWE: CWE-284 Improper Access Control
CVE: CVE-2014-7810
cpe23Uri: cpe:2.3:a:apache:tomcat:8.0.9:*, cpe:2.3:a:apache:tomcat:8.0.9:*, cpe:2.3:a:apache:tomcat:8.0.8:*, cpe:2.3:a:apac…
Update date: 2024-11-21 11:18
Published date: 2015-06-8

No. 108
CVSS3: -
CVSS2: 7.8
Level: HIGH
Title: Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which all…
CWE: CWE-399 Resource Management Errors
CVE: CVE-2014-0230
cpe23Uri: cpe:2.3:a:apache:tomcat:8.0.8:*, cpe:2.3:a:apache:tomcat:8.0.5:*, cpe:2.3:a:apache:tomcat:8.0.3:*, cpe:2.3:a:apac…
Update date: 2024-11-21 11:01
Published date: 2015-06-8

No. 109
CVSS3: -
CVSS2: 6.4
Level: MEDIUM
Title: java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data af…
CWE: CWE-19 Data Processing Errors
CVE: CVE-2014-0227
cpe23Uri: cpe:2.3:a:apache:tomcat:8.0.8:*, cpe:2.3:a:apache:tomcat:8.0.5:*, cpe:2.3:a:apache:tomcat:8.0.3:*, cpe:2.3:a:apac…
Update date: 2024-11-21 11:01
Published date: 2015-02-16

No. 110
CVSS3: -
CVSS2: 6.8
Level: MEDIUM
Title: Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execut…
CWE: CWE-94 Code Injection
CVE: CVE-2013-4444
cpe23Uri: cpe:2.3:a:apache:tomcat:7.0.4:beta, cpe:2.3:a:apache:tomcat:7.0.4:*, cpe:2.3:a:apache:tomcat:7.0.3:*, cpe:2.3:a:a…
Version bound: 7.0.39
Update date: 2024-11-21 10:55
Published date: 2014-09-12