VIR Vulnerability Intelligence Relay

Package impact

java Maven / org.apache.tomcat:tomcat-catalina

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-43512 critical 9.8 9.8 16d ago Apache Tomcat - Digest authenticator will authenticate any unknown user susedebianjavaapache
CVE-2026-41293 critical 9.8 9.8 16d ago Apache Tomcat - HTTP/2 request headers not validated susedebianjavaapache
CVE-2025-55754 critical 9.6 9.6 10d ago Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences redhatsusedebianjava+1
CVE-2026-43515 critical 9.1 9.1 16d ago Apache Tomcat - Security constraints not correctly applied susedebianjavaapache
CVE-2017-5648 critical 9.1 9.1 9y ago Exposure of Resource to Wrong Sphere in Apache Tomcat susedebianjavaapache
CVE-2016-5388 high 8.1 8.1 10y ago Improper Access Control in Apache Tomcat suseredhatdebianjava+2
CVE-2025-55668 high 8.0 10d ago Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Old… redhatsusedebianjava
CVE-2025-46701 high 8.0 10d ago Apache Tomcat - CGI security constraint bypass archredhatsusedebian+1
CVE-2025-31651 high 8.0 6mo ago Apache Tomcat Rewrite rule bypass rockylinuxredhatsusedebian+1
CVE-2025-48988 high 8.0 9mo ago Apache Tomcat - DoS in multipart upload archredhatrockylinuxsuse+2
CVE-2025-49125 high 8.0 9mo ago Apache Tomcat - Security constraint bypass for pre/post-resources archredhatrockylinuxsuse+2
CVE-2025-52520 high 8.0 9mo ago Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits redhatrockylinuxsusedebian+1
CVE-2024-56337 high 8.0 11mo ago Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability redhatrockylinuxsusedebian+1
CVE-2023-46589 high 8.0 2y ago Apache Tomcat Improper Input Validation vulnerability redhatrockylinuxsusedebian+1
CVE-2020-9484 high 8.0 6y ago Potential remote code execution in Apache Tomcat archsusedebianjava
CVE-2026-43513 high 7.5 7.5 16d ago Apache Tomcat: LockOutRealm treats user names as case-sensitive susedebianjavaapache
CVE-2026-41284 high 7.5 7.5 16d ago Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling susedebianjavaapache
CVE-2025-55752 high 7.5 7.5 6mo ago Apache Tomcat Vulnerable to Relative Path Traversal rockylinuxredhatsusedebian+2
CVE-2017-12616 high 7.5 7.5 9y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat susejavaapache
CVE-2026-42498 high 7.3 7.3 16d ago Apache Tomcat - WebSocket authentication header exposure susedebianjavaapache
CVE-2026-43514 low 3.7 3.7 16d ago Apache Tomcat - AJP secret compared in non-constant time susedebianjavaapache
CVE-2024-54677 low 2.5 2y ago Apache Tomcat Uncontrolled Resource Consumption vulnerability susedebianjava