CVE-2016-5388
high
8.1
8.1
10y ago
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted cli…
suse redhat debian java +2
CVE-2025-46701
high
—
8.0
10d ago
Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows bypass of security constraints that apply to the pathInfo component of a URI mapped to th…
arch redhat suse debian +1
CVE-2025-55668
high
—
8.0
10d ago
Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Old…
redhat suse debian java
CVE-2025-31651
high
—
8.0
6mo ago
Important: tomcat security update
rockylinux redhat suse debian +1
CVE-2025-52520
high
—
8.0
9mo ago
Important: tomcat security update
redhat rockylinux suse debian +1
CVE-2025-49125
high
—
8.0
9mo ago
Important: tomcat security update
arch redhat rockylinux suse +2
CVE-2025-48988
high
—
8.0
9mo ago
Important: tomcat security update
arch redhat rockylinux suse +2
CVE-2024-56337
high
—
8.0
11mo ago
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
redhat rockylinux suse debian +1
CVE-2023-46589
high
—
8.0
2y ago
Important: tomcat security update
redhat rockylinux suse debian +1
CVE-2020-9484
high
—
8.0
6y ago
Potential remote code execution in Apache Tomcat
arch suse debian java
CVE-2026-43513
high
7.5
7.5
16d ago
Apache Tomcat: LockOutRealm treats user names as case-sensitive
suse debian java apache
CVE-2026-41284
high
7.5
7.5
16d ago
Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling
suse debian java apache
CVE-2025-55752
high
7.5
7.5
6mo ago
Important: tomcat security update
rockylinux redhat suse debian +2
CVE-2017-12616
high
7.5
7.5
9y ago
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
suse java apache
CVE-2026-42498
high
7.3
7.3
16d ago
Apache Tomcat - WebSocket authentication header exposure
suse debian java apache
CVE-2025-24813
medium
—
7.0
1y ago
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
redhat rockylinux suse debian +1
CVE-2024-50379
medium
—
5.5
11mo ago
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
redhat rockylinux suse debian +1
CVE-2023-28708
medium
—
5.5
3y ago
Apache Tomcat vulnerable to Unprotected Transport of Credentials
redhat suse debian java
CVE-2025-61795
medium
5.3
5.3
7mo ago
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
suse debian java apache
CVE-2012-5886
medium
—
5.0
14y ago
Improper Authentication in Apache Tomcat
java apache
CVE-2014-0119
medium
—
4.3
12y ago
Missing XML Validation in Apache Tomcat
suse java apache
CVE-2014-0096
medium
—
4.3
12y ago
Improper Input Validation in Apache Tomcat
java apache
CVE-2026-43514
low
3.7
3.7
16d ago
Apache Tomcat - AJP secret compared in non-constant time
suse debian java apache
CVE-2024-54677
low
—
2.5
2y ago
Apache Tomcat Uncontrolled Resource Consumption vulnerability
suse debian java