CVE-2009-3555 critical 9.8
10.0
17y ago
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9…
debian ubuntu fedora java +4
CVE-2026-43512 critical 9.8
9.8
16d ago
Apache Tomcat - Digest authenticator will authenticate any unknown user
suse debian java apache
CVE-2026-41293 critical 9.8
9.8
16d ago
Apache Tomcat - HTTP/2 request headers not validated
suse debian java apache
CVE-2025-55754 critical 9.6
9.6
9d ago
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
redhat suse debian java +1
CVE-2026-29145 critical —
9.5
2mo ago
Apache Tomcat: CLIENT_CERT authentication does not fail as expected
suse debian java
CVE-2026-43515 critical 9.1
9.1
16d ago
Apache Tomcat - Security constraints not correctly applied
suse debian java apache
CVE-2013-4444 medium —
6.8
12y ago
Apache Tomcat Unrestricted file upload vulnerability
suse java apache
CVE-2013-2067 medium —
6.8
13y ago
Improper Authentication in Apache Tomcat
java apache
CVE-2014-0227 medium —
6.4
11y ago
Improper Input Validation in Apache Tomcat
java apache
CVE-2010-4312 medium —
6.4
16y ago
Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header
java apache
CVE-2010-2227 medium —
6.4
16y ago
Apache Tomcat does not properly handle an invalid Transfer-Encoding header
java apache
CVE-2016-0763 medium 6.3
6.3
10y ago
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLink…
debian ubuntu java apache
CVE-2016-0762 medium 5.9
5.9
9y ago
Observable Discrepancy in Apache Tomcat
suse debian redhat ubuntu +3
CVE-2013-4286 medium —
5.8
12y ago
Apache Tomcat is vulnerable to HTTP request-smuggling
java apache
CVE-2011-1183 medium —
5.8
15y ago
Access controll bypass in Apache Tomcat
java apache
CVE-2011-1419 medium —
5.8
15y ago
Apache Tomcat does not follow ServletSecurity annotations
java apache
CVE-2011-1088 medium —
5.8
15y ago
Apache Tomcat allows remote attackers to bypass intended access restrictions
java apache
CVE-2009-2693 medium —
5.8
17y ago
Apache Tomcat Directory Traversal vulnerability
java apache
CVE-2023-42795 medium —
5.5
2y ago
Moderate: tomcat security update
redhat suse debian java
CVE-2023-45648 medium —
5.5
2y ago
Moderate: tomcat security update
redhat suse debian java
CVE-2023-41080 medium —
5.5
2y ago
Moderate: tomcat security update
redhat suse debian java
CVE-2022-25762 medium —
5.5
4y ago
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible tha…
suse rockylinux debian java
CVE-2020-11996 medium —
5.5
4y ago
Uncontrolled Resource Consumption in Apache Tomcat
arch suse debian java
CVE-2020-1935 medium —
5.5
6y ago
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as va…
rockylinux debian java
CVE-2025-61795 medium 5.3
5.3
7mo ago
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
suse debian java apache
CVE-2016-6794 medium 5.3
5.3
9y ago
System Property Disclosure in Apache Tomcat
suse debian redhat ubuntu +3
CVE-2015-5345 medium 5.3
5.3
10y ago
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which a…
suse debian ubuntu java +1
CVE-2014-7810 medium —
5.0
11y ago
Improper Access Control in Apache Tomcat
debian java apache
CVE-2014-0075 medium —
5.0
12y ago
Integer Overflow or Wraparound in Apache Tomcat
java apache
CVE-2012-3544 medium —
5.0
13y ago
Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions
suse java apache
CVE-2012-5885 medium —
5.0
14y ago
Improper Access Control in Apache Tomcat
java apache
CVE-2012-0022 medium —
5.0
15y ago
Denial of Service in Apache Tomcat
java apache
CVE-2011-3375 medium —
5.0
15y ago
Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests
java apache
CVE-2011-5062 medium —
5.0
15y ago
Improper Authentication in Apache Tomcat
java apache
CVE-2011-1184 medium —
5.0
15y ago
Authentication Bypass in Apache Tomcat
java apache
CVE-2011-4858 medium —
5.0
15y ago
Improper Input Validation in Apache Tomcat
java apache
CVE-2011-1475 medium —
5.0
15y ago
Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
java apache
CVE-2010-4476 medium —
5.0
16y ago
Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment
java
CVE-2011-0534 medium —
5.0
16y ago
Apache Tomcat does not enforce the maxHttpHeaderSize limit
java apache
CVE-2011-2481 medium —
4.6
15y ago
Apache Tomcat Allows Replacing of XML Parser
java apache
CVE-2011-2526 medium —
4.4
15y ago
Improper Input Validation in Apache Tomcat
java apache
CVE-2017-7674 medium 4.3
4.3
9y ago
Insufficient Verification of Data Authenticity in Apache Tomcat
suse debian java apache
CVE-2016-0706 medium 4.3
4.3
10y ago
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
suse debian ubuntu java +1
CVE-2015-5174 medium 4.3
4.3
10y ago
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
suse debian ubuntu java +1
CVE-2014-0119 medium —
4.3
12y ago
Missing XML Validation in Apache Tomcat
suse java apache
CVE-2014-0099 medium —
4.3
12y ago
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat
suse java apache
CVE-2014-0096 medium —
4.3
12y ago
Improper Input Validation in Apache Tomcat
java apache
CVE-2014-0033 medium —
4.3
12y ago
Improper Input Validation in Apache Tomcat
java apache
CVE-2013-4590 medium —
4.3
12y ago
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
debian java apache
CVE-2013-4322 medium —
4.3
12y ago
Apache Tomcat Denial of Service vulnerability
java apache
CVE-2012-4431 medium —
4.3
14y ago
Cross-Site Request Forgery in Apache Tomcat
java apache
CVE-2012-3546 medium —
4.3
14y ago
Authentication Bypass in Apache Tomcat
java apache
CVE-2011-5064 medium —
4.3
15y ago
Use of Hard-coded Cryptographic Key in Apache Tomcat
java apache
CVE-2011-5063 medium —
4.3
15y ago
Improper Authentication in Apache Tomcat
java apache
CVE-2011-1582 medium —
4.3
15y ago
Access restriction bypass in Apache Tomcat
java apache
CVE-2011-0013 medium —
4.3
16y ago
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
java apache
CVE-2010-4172 medium —
4.3
16y ago
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
java apache
CVE-2009-2902 medium —
4.3
17y ago
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat
java apache
CVE-2009-2901 medium —
4.3
17y ago
Improper Authentication in Apache Tomcat
java apache
CVE-2026-43514 low 3.7
3.7
16d ago
Apache Tomcat - AJP secret compared in non-constant time
suse debian java apache
CVE-2013-2071 low —
2.6
13y ago
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
java apache
CVE-2010-1157 low —
2.6
16y ago
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
java apache
CVE-2024-54677 low —
2.5
2y ago
Apache Tomcat Uncontrolled Resource Consumption vulnerability
suse debian java
CVE-2011-2204 low —
1.9
15y ago
Insertion of Sensitive Information into Log File in Apache Tomcat
java apache
CVE-2010-3718 low —
1.2
16y ago
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
java apache
CVE-2026-32990 unknown —
—
2mo ago
Apache Tomcat has an Improper Input Validation vulnerability
debian java
CVE-2025-49124 unknown —
—
1y ago
Apache Tomcat installer for Windows has an untrusted search path vulnerability
suse debian java
CVE-2022-34305 unknown —
—
4y ago
Cross-site Scripting in Apache Tomcat
suse debian java
CVE-2012-5887 unknown —
—
4y ago
Improper Authentication in Apache Tomcat
java
CVE-2017-15706 unknown —
—
4y ago
Inconsistent documentation in Apache Tomcat
suse debian java
CVE-2009-0033 unknown —
—
4y ago
Apache Tomcat Denial of Service via Malformed Request Headers
java
CVE-2008-4308 unknown —
—
4y ago
Apache Tomcat information disclosure vulnerability
java
CVE-2008-0002 unknown —
—
4y ago
Apache Tomcat Sensitive Information Disclosure
java
CVE-2007-3384 unknown —
—
4y ago
Apache Tomcat's CookieExample Vulnerable to XSS
java
CVE-2007-3385 unknown —
—
4y ago
Apache Tomcat Mishandles Character Sequence in Cookies
java
CVE-2007-2450 unknown —
—
4y ago
Apache Tomcat vulnerable to Cross-site Scripting
java
CVE-2007-0450 unknown —
—
4y ago
Apache Tomcat Directory Traversal
java
CVE-2005-3510 unknown —
—
4y ago
Apache Tomcat Vulnerable to Denial of Service (DoS) via Simultaneous Requests
java
CVE-2002-2006 unknown —
—
4y ago
Apache Tomcat Default Installation Reveals Sensitive Information
java
CVE-2002-1567 unknown —
—
4y ago
Apache Tomcat XSS Vulnerability
java
CVE-2002-1394 unknown —
—
4y ago
Apache Tomcat Source Code Disclosure
java
CVE-2001-0917 unknown —
—
4y ago
Apache Tomcat Reveals Path through Long URL
java
CVE-2001-0829 unknown —
—
4y ago
Apache Tomcat allows webmasters to insert xss into error messages
java
CVE-2000-1210 unknown —
—
4y ago
Apache Tomcat Directory Traversal
java
CVE-2003-0866 unknown —
—
4y ago
Apache Tomcat Denial of Service vulnerability in the Catalina package
java
CVE-2003-0044 unknown —
—
4y ago
Jakarta Tomcat cross-site scripting (XSS) vulnerability
java
CVE-2021-41079 unknown —
—
5y ago
Infinite loop in Tomcat due to parsing error
suse debian java
CVE-2021-30640 unknown —
—
5y ago
Authentication Bypass by Alternate Name in Apache Tomcat
suse debian java
CVE-2021-33037 unknown —
—
5y ago
HTTP Request Smuggling in Apache Tomcat
suse debian java
CVE-2021-30639 unknown —
—
5y ago
Improper Handling of Exceptional Conditions in Apache Tomcat
debian java
CVE-2019-17569 unknown —
—
6y ago
Potential HTTP request smuggling in Apache Tomcat
debian java