VIR Vulnerability Intelligence Relay

Package impact

java Maven / org.apache.tomcat:tomcat-catalina

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-43512 critical 9.8 9.8 16d ago Apache Tomcat - Digest authenticator will authenticate any unknown user susedebianjavaapache
CVE-2026-41293 critical 9.8 9.8 16d ago Apache Tomcat - HTTP/2 request headers not validated susedebianjavaapache
CVE-2025-55754 critical 9.6 9.6 9d ago Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences redhatsusedebianjava+1
CVE-2026-43515 critical 9.1 9.1 16d ago Apache Tomcat - Security constraints not correctly applied susedebianjavaapache
CVE-2017-5648 critical 9.1 9.1 9y ago Exposure of Resource to Wrong Sphere in Apache Tomcat susedebianjavaapache
CVE-2016-5388 high 8.1 8.1 10y ago Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted cli… suseredhatdebianjava+2
CVE-2025-55668 high 8.0 9d ago Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Old… redhatsusedebianjava
CVE-2025-46701 high 8.0 9d ago Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to th… archredhatsusedebian+1
CVE-2025-31651 high 8.0 6mo ago Important: tomcat security update rockylinuxredhatsusedebian+1
CVE-2025-48988 high 8.0 9mo ago Important: tomcat security update archredhatrockylinuxsuse+2
CVE-2025-52520 high 8.0 9mo ago Important: tomcat security update redhatrockylinuxsusedebian+1
CVE-2025-49125 high 8.0 9mo ago Important: tomcat security update archredhatrockylinuxsuse+2
CVE-2024-56337 high 8.0 11mo ago Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability redhatrockylinuxsusedebian+1
CVE-2023-46589 high 8.0 2y ago Important: tomcat security update redhatrockylinuxsusedebian+1
CVE-2020-9484 high 8.0 6y ago Potential remote code execution in Apache Tomcat archsusedebianjava
CVE-2026-43513 high 7.5 7.5 16d ago Apache Tomcat: LockOutRealm treats user names as case-sensitive susedebianjavaapache
CVE-2026-41284 high 7.5 7.5 16d ago Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling susedebianjavaapache
CVE-2025-55752 high 7.5 7.5 6mo ago Important: tomcat security update rockylinuxredhatsusedebian+2
CVE-2017-12616 high 7.5 7.5 9y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat susejavaapache
CVE-2026-42498 high 7.3 7.3 16d ago Apache Tomcat - WebSocket authentication header exposure susedebianjavaapache
CVE-2026-43514 low 3.7 3.7 16d ago Apache Tomcat - AJP secret compared in non-constant time susedebianjavaapache
CVE-2024-54677 low 2.5 2y ago Apache Tomcat Uncontrolled Resource Consumption vulnerability susedebianjava
CVE-2025-49124 unknown 1y ago Apache Tomcat installer for Windows has an untrusted search path vulnerability susedebianjava