Package impact

Maven / org.apache.tomcat:tomcat-catalina

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2016-5388	high	8.1	8.1	10y ago	Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted cli…	+1
CVE-2025-55668	high	—	8.0	9d ago	Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Old…
CVE-2025-46701	high	—	8.0	9d ago	Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to th…	+1
CVE-2025-31651	high	—	8.0	6mo ago	Important: tomcat security update	+1
CVE-2025-48988	high	—	8.0	9mo ago	Important: tomcat security update	+2
CVE-2025-49125	high	—	8.0	9mo ago	Important: tomcat security update	+2
CVE-2025-52520	high	—	8.0	9mo ago	Important: tomcat security update	+1
CVE-2024-56337	high	—	8.0	11mo ago	Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability	+1
CVE-2023-46589	high	—	8.0	2y ago	Important: tomcat security update	+1
CVE-2020-9484	high	—	8.0	6y ago	Potential remote code execution in Apache Tomcat
CVE-2026-43513	high	7.5	7.5	16d ago	Apache Tomcat: LockOutRealm treats user names as case-sensitive
CVE-2026-41284	high	7.5	7.5	16d ago	Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling
CVE-2025-55752	high	7.5	7.5	6mo ago	Important: tomcat security update	+2
CVE-2017-12616	high	7.5	7.5	9y ago	Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
CVE-2026-42498	high	7.3	7.3	16d ago	Apache Tomcat - WebSocket authentication header exposure