Package impact

Maven / org.apache.tomcat:tomcat

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2009-3555	critical	9.8	10.0	17y ago	Apache Tomcat affected by vulnerability in TLS and SSL protocol	+4
CVE-2026-43512	critical	9.8	9.8	16d ago	Apache Tomcat - Digest authenticator will authenticate any unknown user
CVE-2026-41293	critical	9.8	9.8	16d ago	Apache Tomcat - HTTP/2 request headers not validated
CVE-2025-55754	critical	9.6	9.6	10d ago	Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences	+1
CVE-2026-29145	critical	—	9.5	2mo ago	Apache Tomcat: CLIENT_CERT authentication does not fail as expected
CVE-2026-43515	critical	9.1	9.1	16d ago	Apache Tomcat - Security constraints not correctly applied
CVE-2013-4444	medium	—	6.8	12y ago	Apache Tomcat Unrestricted file upload vulnerability
CVE-2013-2067	medium	—	6.8	13y ago	Improper Authentication in Apache Tomcat
CVE-2014-0227	medium	—	6.4	11y ago	Improper Input Validation in Apache Tomcat
CVE-2010-4312	medium	—	6.4	16y ago	Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header
CVE-2010-2227	medium	—	6.4	16y ago	Apache Tomcat does not properly handle an invalid Transfer-Encoding header
CVE-2016-0763	medium	6.3	6.3	10y ago	Improper Verification of Source of a Communication Channel in Apache Tomcat
CVE-2016-0762	medium	5.9	5.9	9y ago	Observable Discrepancy in Apache Tomcat	+3
CVE-2013-4286	medium	—	5.8	12y ago	Apache Tomcat is vulnerable to HTTP request-smuggling
CVE-2011-1183	medium	—	5.8	15y ago	Access controll bypass in Apache Tomcat
CVE-2011-1419	medium	—	5.8	15y ago	Apache Tomcat does not follow ServletSecurity annotations
CVE-2011-1088	medium	—	5.8	15y ago	Apache Tomcat allows remote attackers to bypass intended access restrictions
CVE-2009-2693	medium	—	5.8	17y ago	Apache Tomcat Directory Traversal vulnerability
CVE-2023-45648	medium	—	5.5	2y ago	Moderate: tomcat security update
CVE-2023-41080	medium	—	5.5	2y ago	Moderate: tomcat security update
CVE-2023-42795	medium	—	5.5	2y ago	Apache Tomcat Incomplete Cleanup vulnerability
CVE-2022-25762	medium	—	5.5	4y ago	Improper socket reuse in Apache Tomcat
CVE-2020-11996	medium	—	5.5	4y ago	Uncontrolled Resource Consumption in Apache Tomcat
CVE-2020-1935	medium	—	5.5	6y ago	In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as va…
CVE-2025-61795	medium	5.3	5.3	7mo ago	Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
CVE-2016-6794	medium	5.3	5.3	9y ago	System Property Disclosure in Apache Tomcat	+3
CVE-2015-5345	medium	5.3	5.3	10y ago	The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which a…	+1
CVE-2014-7810	medium	—	5.0	11y ago	Improper Access Control in Apache Tomcat
CVE-2014-0075	medium	—	5.0	12y ago	Integer Overflow or Wraparound in Apache Tomcat
CVE-2012-3544	medium	—	5.0	13y ago	Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions
CVE-2012-5885	medium	—	5.0	14y ago	Improper Access Control in Apache Tomcat
CVE-2012-0022	medium	—	5.0	15y ago	Denial of Service in Apache Tomcat
CVE-2011-3375	medium	—	5.0	15y ago	Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests
CVE-2011-5062	medium	—	5.0	15y ago	Improper Authentication in Apache Tomcat
CVE-2011-1184	medium	—	5.0	15y ago	Authentication Bypass in Apache Tomcat
CVE-2011-4858	medium	—	5.0	15y ago	Improper Input Validation in Apache Tomcat
CVE-2011-1475	medium	—	5.0	15y ago	Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
CVE-2010-4476	medium	—	5.0	16y ago	Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment
CVE-2011-0534	medium	—	5.0	16y ago	Apache Tomcat does not enforce the maxHttpHeaderSize limit
CVE-2011-2481	medium	—	4.6	15y ago	Apache Tomcat Allows Replacing of XML Parser
CVE-2011-2526	medium	—	4.4	15y ago	Improper Input Validation in Apache Tomcat
CVE-2017-7674	medium	4.3	4.3	9y ago	Insufficient Verification of Data Authenticity in Apache Tomcat
CVE-2016-0706	medium	4.3	4.3	10y ago	Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat	+1
CVE-2015-5174	medium	4.3	4.3	10y ago	Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat	+1
CVE-2014-0119	medium	—	4.3	12y ago	Missing XML Validation in Apache Tomcat
CVE-2014-0099	medium	—	4.3	12y ago	Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat
CVE-2014-0096	medium	—	4.3	12y ago	Improper Input Validation in Apache Tomcat
CVE-2014-0033	medium	—	4.3	12y ago	Improper Input Validation in Apache Tomcat
CVE-2013-4590	medium	—	4.3	12y ago	Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
CVE-2013-4322	medium	—	4.3	12y ago	Apache Tomcat Denial of Service vulnerability
CVE-2012-4431	medium	—	4.3	14y ago	Cross-Site Request Forgery in Apache Tomcat
CVE-2012-3546	medium	—	4.3	14y ago	Authentication Bypass in Apache Tomcat
CVE-2011-5064	medium	—	4.3	15y ago	Use of Hard-coded Cryptographic Key in Apache Tomcat
CVE-2011-5063	medium	—	4.3	15y ago	Improper Authentication in Apache Tomcat
CVE-2011-1582	medium	—	4.3	15y ago	Access restriction bypass in Apache Tomcat
CVE-2011-0013	medium	—	4.3	16y ago	Improper Neutralization of Input During Web Page Generation in Apache Tomcat
CVE-2010-4172	medium	—	4.3	16y ago	Improper Neutralization of Input During Web Page Generation in Apache Tomcat
CVE-2009-2902	medium	—	4.3	17y ago	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat
CVE-2009-2901	medium	—	4.3	17y ago	Improper Authentication in Apache Tomcat
CVE-2026-43514	low	3.7	3.7	16d ago	Apache Tomcat - AJP secret compared in non-constant time
CVE-2013-2071	low	—	2.6	13y ago	Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
CVE-2010-1157	low	—	2.6	16y ago	Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
CVE-2024-54677	low	—	2.5	2y ago	Apache Tomcat Uncontrolled Resource Consumption vulnerability
CVE-2011-2204	low	—	1.9	15y ago	Insertion of Sensitive Information into Log File in Apache Tomcat
CVE-2010-3718	low	—	1.2	16y ago	Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
CVE-2026-29146	unknown	—	—	2mo ago	Apache Tomcat: Padding Oracle vulnerability in EncryptInterceptor
CVE-2026-32990	unknown	—	—	2mo ago	Apache Tomcat has an Improper Input Validation vulnerability
CVE-2026-25854	unknown	—	—	2mo ago	Apache Tomcat has an Open Redirect vulnerability
CVE-2025-66614	unknown	—	—	3mo ago	Apache Tomcat - Client certificate verification bypass
CVE-2025-49124	unknown	—	—	1y ago	Apache Tomcat installer for Windows has an untrusted search path vulnerability
CVE-2022-34305	unknown	—	—	4y ago	Cross-site Scripting in Apache Tomcat
CVE-2012-5887	unknown	—	—	4y ago	Improper Authentication in Apache Tomcat
CVE-2008-5515	unknown	—	—	4y ago	Directory Traversal in Apache Tomcat
CVE-2016-8747	unknown	—	—	4y ago	Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request
CVE-2017-15706	unknown	—	—	4y ago	Inconsistent documentation in Apache Tomcat
CVE-2009-0783	unknown	—	—	4y ago	Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
CVE-2009-0781	unknown	—	—	4y ago	Cross-site scripting in Apache Tomcat
CVE-2009-0033	unknown	—	—	4y ago	Apache Tomcat Denial of Service via Malformed Request Headers
CVE-2008-4308	unknown	—	—	4y ago	Apache Tomcat information disclosure vulnerability
CVE-2008-1947	unknown	—	—	4y ago	Apache Tomcat Cross-site scripting (XSS) vulnerability
CVE-2008-0002	unknown	—	—	4y ago	Apache Tomcat Sensitive Information Disclosure
CVE-2007-5333	unknown	—	—	4y ago	Exposure of Sensitive Information in Apache Tomcat
CVE-2007-4724	unknown	—	—	4y ago	Apache Tomcat Example Application CSRF and XSS Vulnerabilities
CVE-2007-3384	unknown	—	—	4y ago	Apache Tomcat's CookieExample Vulnerable to XSS
CVE-2007-3385	unknown	—	—	4y ago	Apache Tomcat Mishandles Character Sequence in Cookies
CVE-2007-2449	unknown	—	—	4y ago	Apache Tomcat XSS Vulnerabilities in Examples Web Application
CVE-2007-2450	unknown	—	—	4y ago	Apache Tomcat vulnerable to Cross-site Scripting
CVE-2007-0450	unknown	—	—	4y ago	Apache Tomcat Directory Traversal
CVE-2006-7197	unknown	—	—	4y ago	Apache Tomcat Buffer Over-Read
CVE-2005-3510	unknown	—	—	4y ago	Apache Tomcat Vulnerable to Denial of Service (DoS) via Simultaneous Requests
CVE-2005-2090	unknown	—	—	4y ago	Tomcat Vulnerable to Web Cache Poisoning
CVE-2002-2006	unknown	—	—	4y ago	Apache Tomcat Default Installation Reveals Sensitive Information
CVE-2002-1567	unknown	—	—	4y ago	Apache Tomcat XSS Vulnerability
CVE-2002-1394	unknown	—	—	4y ago	Apache Tomcat Source Code Disclosure
CVE-2001-0917	unknown	—	—	4y ago	Apache Tomcat Reveals Path through Long URL
CVE-2001-0829	unknown	—	—	4y ago	Apache Tomcat allows webmasters to insert xss into error messages
CVE-2000-1210	unknown	—	—	4y ago	Apache Tomcat Directory Traversal
CVE-2003-0866	unknown	—	—	4y ago	Apache Tomcat Denial of Service vulnerability in the Catalina package
CVE-2003-0044	unknown	—	—	4y ago	Jakarta Tomcat cross-site scripting (XSS) vulnerability
CVE-2003-0043	unknown	—	—	4y ago	Tomcat uses trusted privileges when processing web.xml file