VIR Vulnerability Intelligence Relay

Package impact

java Maven / org.apache.tomcat:tomcat

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2013-4444 medium 6.8 12y ago Apache Tomcat Unrestricted file upload vulnerability susejavaapache
CVE-2013-2067 medium 6.8 13y ago Improper Authentication in Apache Tomcat javaapache
CVE-2014-0227 medium 6.4 11y ago Improper Input Validation in Apache Tomcat javaapache
CVE-2010-4312 medium 6.4 16y ago Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header javaapache
CVE-2010-2227 medium 6.4 16y ago Apache Tomcat does not properly handle an invalid Transfer-Encoding header javaapache
CVE-2016-0763 medium 6.3 6.3 10y ago The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLink… debianubuntujavaapache
CVE-2016-0762 medium 5.9 5.9 9y ago Observable Discrepancy in Apache Tomcat susedebianredhatubuntu+2
CVE-2013-4286 medium 5.8 12y ago Apache Tomcat is vulnerable to HTTP request-smuggling javaapache
CVE-2011-1183 medium 5.8 15y ago Access controll bypass in Apache Tomcat javaapache
CVE-2011-1419 medium 5.8 15y ago Apache Tomcat does not follow ServletSecurity annotations javaapache
CVE-2011-1088 medium 5.8 15y ago Apache Tomcat allows remote attackers to bypass intended access restrictions javaapache
CVE-2009-2693 medium 5.8 17y ago Apache Tomcat Directory Traversal vulnerability javaapache
CVE-2023-45648 medium 5.5 2y ago Moderate: tomcat security update redhatsusedebianjava
CVE-2023-41080 medium 5.5 2y ago Moderate: tomcat security update redhatsusedebianjava
CVE-2023-42795 medium 5.5 2y ago Moderate: tomcat security update redhatsusedebianjava
CVE-2022-25762 medium 5.5 4y ago If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible tha… suserockylinuxdebianjava
CVE-2020-11996 medium 5.5 4y ago A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient … archsusedebianjava
CVE-2020-1935 medium 5.5 6y ago In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as va… rockylinuxdebianjava
CVE-2025-61795 medium 5.3 5.3 7mo ago Apache Tomcat Vulnerable to Improper Resource Shutdown or Release susedebianjavaapache
CVE-2016-6794 medium 5.3 5.3 9y ago System Property Disclosure in Apache Tomcat susedebianredhatubuntu+2
CVE-2015-5345 medium 5.3 5.3 10y ago The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which a… susedebianubuntujava+1
CVE-2014-7810 medium 5.0 11y ago Improper Access Control in Apache Tomcat debianjavaapache
CVE-2014-0075 medium 5.0 12y ago Integer Overflow or Wraparound in Apache Tomcat javaapache
CVE-2012-3544 medium 5.0 13y ago Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions susejavaapache
CVE-2012-5885 medium 5.0 14y ago Improper Access Control in Apache Tomcat javaapache
CVE-2012-0022 medium 5.0 15y ago Denial of Service in Apache Tomcat javaapache
CVE-2011-3375 medium 5.0 15y ago Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests javaapache
CVE-2011-5062 medium 5.0 15y ago Improper Authentication in Apache Tomcat javaapache
CVE-2011-1184 medium 5.0 15y ago Authentication Bypass in Apache Tomcat javaapache
CVE-2011-4858 medium 5.0 15y ago Improper Input Validation in Apache Tomcat javaapache
CVE-2011-1475 medium 5.0 15y ago Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users javaapache
CVE-2010-4476 medium 5.0 16y ago Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment java
CVE-2011-0534 medium 5.0 16y ago Apache Tomcat does not enforce the maxHttpHeaderSize limit javaapache
CVE-2011-2481 medium 4.6 15y ago Apache Tomcat Allows Replacing of XML Parser javaapache
CVE-2011-2526 medium 4.4 15y ago Improper Input Validation in Apache Tomcat javaapache
CVE-2017-7674 medium 4.3 4.3 9y ago The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Orig… susedebianjavaapache
CVE-2016-0706 medium 4.3 4.3 10y ago Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/Restrict… susedebianubuntujava+1
CVE-2015-5174 medium 4.3 4.3 10y ago Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat susedebianubuntujava+1
CVE-2014-0119 medium 4.3 12y ago Missing XML Validation in Apache Tomcat susejavaapache
CVE-2014-0099 medium 4.3 12y ago Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat susejavaapache
CVE-2014-0096 medium 4.3 12y ago Improper Input Validation in Apache Tomcat javaapache
CVE-2014-0033 medium 4.3 12y ago Improper Input Validation in Apache Tomcat javaapache
CVE-2013-4590 medium 4.3 12y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat debianjavaapache
CVE-2013-4322 medium 4.3 12y ago Apache Tomcat Denial of Service vulnerability javaapache
CVE-2012-4431 medium 4.3 14y ago Cross-Site Request Forgery in Apache Tomcat javaapache
CVE-2012-3546 medium 4.3 14y ago Authentication Bypass in Apache Tomcat javaapache
CVE-2011-5064 medium 4.3 15y ago Use of Hard-coded Cryptographic Key in Apache Tomcat javaapache
CVE-2011-5063 medium 4.3 15y ago Improper Authentication in Apache Tomcat javaapache
CVE-2011-1582 medium 4.3 15y ago Access restriction bypass in Apache Tomcat javaapache
CVE-2011-0013 medium 4.3 16y ago Improper Neutralization of Input During Web Page Generation in Apache Tomcat javaapache
CVE-2010-4172 medium 4.3 16y ago Improper Neutralization of Input During Web Page Generation in Apache Tomcat javaapache
CVE-2009-2902 medium 4.3 17y ago Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat javaapache
CVE-2009-2901 medium 4.3 17y ago Improper Authentication in Apache Tomcat javaapache
CVE-2026-43514 low 3.7 3.7 16d ago Apache Tomcat - AJP secret compared in non-constant time susedebianjavaapache
CVE-2013-2071 low 2.6 13y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat javaapache
CVE-2010-1157 low 2.6 16y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat javaapache
CVE-2024-54677 low 2.5 2y ago Apache Tomcat Uncontrolled Resource Consumption vulnerability susedebianjava
CVE-2011-2204 low 1.9 15y ago Insertion of Sensitive Information into Log File in Apache Tomcat javaapache
CVE-2010-3718 low 1.2 16y ago Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat javaapache
CVE-2012-5887 unknown 4y ago Improper Authentication in Apache Tomcat java