org.apache.tomcat:tomcat (maven) security advisories

MEDIUM 5.3

Maven

CVE-2023-45648

Apache Tomcat Improper Input Validation vulnerability

Oct 10, 2023

MEDIUM 5.3

Maven

CVE-2023-42795

Apache Tomcat Incomplete Cleanup vulnerability

Oct 10, 2023

CRITICAL 9.1

Maven

CVE-2025-66614

Apache Tomcat - Client certificate verification bypass

Feb 17, 2026

HIGH 7.5

Maven

CVE-2020-13935

Infinite Loop in Apache Tomcat

Feb 8, 2022

HIGH 7.5

Maven

CVE-2020-11996

Uncontrolled Resource Consumption in Apache Tomcat

Feb 9, 2022

CRITICAL 9.8

Maven

CVE-2009-3555

Apache Tomcat affected by vulnerability in TLS and SSL protocol

May 2, 2022

HIGH 7.5

Maven

CVE-2026-34486

Apache Tomcat Missing Encryption of Sensitive Data vulnerability

Apr 9, 2026

MEDIUM 6.1

Maven

CVE-2023-41080

Apache Tomcat Open Redirect vulnerability

Aug 25, 2023

CRITICAL 9.1

Maven

CVE-2026-43515

Apache Tomcat - Security constraints not correctly applied

May 12, 2026

LOW 3.7

Maven

CVE-2026-43514

Apache Tomcat - AJP secret compared in non-constant time

May 12, 2026

HIGH 7.5

Maven

CVE-2026-29129

Apache Tomcat: Configured cipher preference order not preserved

Apr 9, 2026

MEDIUM 5.3

Maven

CVE-2024-54677

Apache Tomcat Uncontrolled Resource Consumption vulnerability

Dec 17, 2024

CRITICAL 9.1

Maven

CVE-2026-29145

Apache Tomcat: CLIENT_CERT authentication does not fail as expected

Apr 9, 2026

HIGH 7.5

Maven

CVE-2020-13934

Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat

Feb 8, 2022

CRITICAL 9.8

Maven

CVE-2026-41293

Apache Tomcat - HTTP/2 request headers not validated

May 12, 2026

HIGH 7.3

Maven

CVE-2026-42498

Apache Tomcat - WebSocket authentication header exposure

May 12, 2026

CRITICAL 9.8

Maven

CVE-2026-43512

Apache Tomcat - Digest authenticator will authenticate any unknown user

May 12, 2026

HIGH 7.5

Maven

CVE-2026-43513

Apache Tomcat: LockOutRealm treats user names as case-sensitive

May 12, 2026

HIGH 7.5

Maven

CVE-2026-41284

Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling

May 12, 2026

MEDIUM 4.8

Maven

CVE-2020-1935

Potential HTTP request smuggling in Apache Tomcat

Feb 28, 2020

HIGH 8.6

Maven

CVE-2022-25762

Improper socket reuse in Apache Tomcat

May 14, 2022

HIGH 7.5

Maven

CVE-2025-55752

Apache Tomcat Vulnerable to Relative Path Traversal

Oct 27, 2025

CRITICAL 9.6

Maven

CVE-2025-55754

Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences

Oct 27, 2025

MEDIUM 5.3

Maven

CVE-2025-61795

Apache Tomcat Vulnerable to Improper Resource Shutdown or Release

Oct 27, 2025

HIGH 7.5

Maven

CVE-2026-34483

Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve

Apr 9, 2026

HIGH 7.5

Maven

CVE-2026-29146

Apache Tomcat: Padding Oracle vulnerability in EncryptInterceptor

Apr 9, 2026

MEDIUM 6.1

Maven

CVE-2026-25854

Apache Tomcat has an Open Redirect vulnerability

Apr 9, 2026

MEDIUM 5.3

Maven

CVE-2026-32990

Apache Tomcat has an Improper Input Validation vulnerability

Apr 9, 2026

HIGH 7.5

Maven

CVE-2026-34487

Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File

Apr 9, 2026

UNKNOWN

Maven

CVE-2026-24733

Apache Tomcat - Security constraint bypass with HTTP/0.9

Feb 17, 2026

HIGH 7.8

Maven

CVE-2020-8022

Incorrect Default Permissions in Apache Tomcat

Feb 9, 2022

UNKNOWN

Maven

CVE-2007-0450

Apache Tomcat Directory Traversal

May 1, 2022

UNKNOWN

Maven

CVE-2025-49124

Apache Tomcat installer for Windows has an untrusted search path vulnerability

Jun 16, 2025

MEDIUM 5.3

Maven

CVE-2015-5345

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat

May 14, 2022

MEDIUM 4.3

Maven

CVE-2015-5174

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat

May 14, 2022

UNKNOWN

Maven

CVE-2014-0099

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat

May 14, 2022

UNKNOWN

Maven

CVE-2014-0119

Missing XML Validation in Apache Tomcat

May 14, 2022

UNKNOWN

Maven

CVE-2014-0096

Improper Input Validation in Apache Tomcat

May 14, 2022

UNKNOWN

Maven

CVE-2014-0075

Integer Overflow or Wraparound in Apache Tomcat

May 14, 2022

UNKNOWN

Maven

CVE-2012-3544

Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions

May 14, 2022

MEDIUM 4.2

Maven

CVE-2009-0783

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

May 2, 2022

UNKNOWN

Maven

CVE-2008-1947

Apache Tomcat Cross-site scripting (XSS) vulnerability

May 1, 2022

UNKNOWN

Maven

CVE-2007-3385

Apache Tomcat Mishandles Character Sequence in Cookies

May 1, 2022

UNKNOWN

Maven

CVE-2007-5333

Exposure of Sensitive Information in Apache Tomcat

May 1, 2022

UNKNOWN

Maven

CVE-2006-7196

Cross-site scripting in Apache Tomcat

May 1, 2022

UNKNOWN

Maven

CVE-2006-7197

Apache Tomcat Buffer Over-Read

May 1, 2022

UNKNOWN

Maven

CVE-2006-3835

Apache Tomcat Reveals Directories

May 1, 2022

UNKNOWN

Maven

CVE-2002-2009

Apache Tomcat Leaks Pathname Information via Error Message

Apr 30, 2022

UNKNOWN

Maven

CVE-2002-2008

Apache Tomcat Leaks Information via Error Message

Apr 30, 2022

UNKNOWN

Maven

CVE-2003-0043

Tomcat uses trusted privileges when processing web.xml file

Apr 29, 2022

UNKNOWN

Maven

CVE-2001-0917

Apache Tomcat Reveals Path through Long URL

Apr 30, 2022

UNKNOWN

Maven

CVE-2005-3510

Apache Tomcat Vulnerable to Denial of Service (DoS) via Simultaneous Requests

May 1, 2022

UNKNOWN

Maven

CVE-2014-0227

Improper Input Validation in Apache Tomcat

May 14, 2022

UNKNOWN

Maven

CVE-2014-0230

Uncontrolled Resource Consumption in Apache Tomcat

May 14, 2022

UNKNOWN

Maven

CVE-2013-4286

Apache Tomcat is vulnerable to HTTP request-smuggling

May 14, 2022

UNKNOWN

Maven

CVE-2013-2071

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

May 17, 2022

UNKNOWN

Maven

CVE-2014-7810

Improper Access Control in Apache Tomcat

May 14, 2022

UNKNOWN

Maven

CVE-2013-2185

Deserialization of Untrusted Data in Apache Tomcat

May 17, 2022

UNKNOWN

Maven

CVE-2014-0050

Commons FileUpload Denial of service vulnerability

Dec 21, 2018

UNKNOWN

Maven

CVE-2013-4444

Apache Tomcat Unrestricted file upload vulnerability

May 13, 2022

UNKNOWN

Maven

CVE-2013-4322

Apache Tomcat Denial of Service vulnerability

May 14, 2022

UNKNOWN

Maven

CVE-2013-4590

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

May 14, 2022

MEDIUM 5.3

Maven

CVE-2016-6794

System Property Disclosure in Apache Tomcat

May 13, 2022

HIGH 7.5

Maven

CVE-2016-6796

Apache Tomcat vulnerable to SecurityManager bypass

May 13, 2022

HIGH 7.5

Maven

CVE-2016-8747

Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request

May 14, 2022

HIGH 7.5

Maven

CVE-2016-6817

Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat

May 14, 2022

HIGH 7.5

Maven

CVE-2017-5647

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

May 14, 2022

MEDIUM 4.3

Maven

CVE-2016-0706

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

May 14, 2022

MEDIUM 5.3

Maven

CVE-2017-15706

Inconsistent documentation in Apache Tomcat

May 14, 2022

HIGH 7.5

Maven

CVE-2017-7675

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat

May 14, 2022

HIGH 7.5

Maven

CVE-2016-6797

Incorrect Authorization in Apache Tomcat

May 13, 2022

HIGH 7.5

Maven

CVE-2022-29885

Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption

May 13, 2022

MEDIUM 5.3

Maven

CVE-2021-33037

HTTP Request Smuggling in Apache Tomcat

Aug 13, 2021

HIGH 7.5

Maven

CVE-2021-42340

Missing Release of Resource after Effective Lifetime in Apache Tomcat

Oct 15, 2021

LOW 3.7

Maven

CVE-2021-43980

Apache Tomcat Race Condition vulnerability

Sep 29, 2022

MEDIUM 5.9

Maven

CVE-2016-0762

Observable Discrepancy in Apache Tomcat

May 13, 2022

HIGH 7.5

Maven

CVE-2017-5664

Improper Handling of Exceptional Conditions in Apache Tomcat

May 13, 2022

MEDIUM 6.3

Maven

CVE-2016-0763

Improper Verification of Source of a Communication Channel in Apache Tomcat

May 14, 2022

HIGH 8.1

Maven

CVE-2015-5346

Improper Neutralization of Input During Web Page Generation in Apache Tomcat

May 14, 2022

HIGH 7.5

Maven

CVE-2017-5650

Improper Resource Shutdown or Release in Apache Tomcat

May 13, 2022

MEDIUM 4.3

Maven

CVE-2017-7674

Insufficient Verification of Data Authenticity in Apache Tomcat

May 14, 2022

HIGH 8.8

Maven

CVE-2016-0714

Improper Access Control in Apache Tomcat

May 14, 2022

UNKNOWN

Maven

CVE-2010-4172

Improper Neutralization of Input During Web Page Generation in Apache Tomcat

May 14, 2022

UNKNOWN

Maven

CVE-2011-1088

Apache Tomcat allows remote attackers to bypass intended access restrictions

May 14, 2022

UNKNOWN

Maven

CVE-2010-4476

Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment

May 14, 2022

UNKNOWN

Maven

CVE-2008-2938

Apache Tomcat Directory Traversal vulnerability

May 1, 2022

HIGH 7.0

Maven

CVE-2022-23181

Race condition in Apache Tomcat

Feb 1, 2022

HIGH 7.5

Maven

CVE-2021-41079

Infinite loop in Tomcat due to parsing error

Sep 20, 2021

HIGH 7.5

Maven

CVE-2011-0534

Apache Tomcat does not enforce the maxHttpHeaderSize limit

May 14, 2022

UNKNOWN

Maven

CVE-2010-2227

Apache Tomcat does not properly handle an invalid Transfer-Encoding header

May 14, 2022

UNKNOWN

Maven

CVE-2011-5063

Improper Authentication in Apache Tomcat

May 14, 2022

UNKNOWN

Maven

CVE-2011-5062

Improper Authentication in Apache Tomcat

May 14, 2022

UNKNOWN

Maven

CVE-2011-3190

Apache Tomcat Allows Remote Attackers to Spoof AJP Requests

May 14, 2022

UNKNOWN

Maven

CVE-2011-2526

Improper Input Validation in Apache Tomcat

May 14, 2022

UNKNOWN

Maven

CVE-2011-2481

Apache Tomcat Allows Replacing of XML Parser

May 17, 2022

UNKNOWN

Maven

CVE-2011-2204

Insertion of Sensitive Information into Log File in Apache Tomcat

May 14, 2022

UNKNOWN

Maven

CVE-2011-1582

Access restriction bypass in Apache Tomcat

May 14, 2022

UNKNOWN

Maven

CVE-2011-1184

Authentication Bypass in Apache Tomcat

May 14, 2022

UNKNOWN

Maven

CVE-2011-1183

Access controll bypass in Apache Tomcat

May 14, 2022

UNKNOWN

Maven

CVE-2011-0013

Improper Neutralization of Input During Web Page Generation in Apache Tomcat

May 3, 2022

org.apache.tomcat:tomcat

Vulnerabilities

Apache Tomcat Improper Input Validation vulnerability

Apache Tomcat Incomplete Cleanup vulnerability

Apache Tomcat - Client certificate verification bypass

Infinite Loop in Apache Tomcat

Uncontrolled Resource Consumption in Apache Tomcat

Apache Tomcat affected by vulnerability in TLS and SSL protocol

Apache Tomcat Missing Encryption of Sensitive Data vulnerability

Apache Tomcat Open Redirect vulnerability

Apache Tomcat - Security constraints not correctly applied

Apache Tomcat - AJP secret compared in non-constant time

Apache Tomcat: Configured cipher preference order not preserved

Apache Tomcat Uncontrolled Resource Consumption vulnerability

Apache Tomcat: CLIENT_CERT authentication does not fail as expected

Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat

Apache Tomcat - HTTP/2 request headers not validated

Apache Tomcat - WebSocket authentication header exposure

Apache Tomcat - Digest authenticator will authenticate any unknown user

Apache Tomcat: LockOutRealm treats user names as case-sensitive

Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling

Potential HTTP request smuggling in Apache Tomcat

Improper socket reuse in Apache Tomcat

Apache Tomcat Vulnerable to Relative Path Traversal

Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences

Apache Tomcat Vulnerable to Improper Resource Shutdown or Release

Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve

Apache Tomcat: Padding Oracle vulnerability in EncryptInterceptor

Apache Tomcat has an Open Redirect vulnerability

Apache Tomcat has an Improper Input Validation vulnerability

Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File

Apache Tomcat - Security constraint bypass with HTTP/0.9

Incorrect Default Permissions in Apache Tomcat

Apache Tomcat Directory Traversal

Apache Tomcat installer for Windows has an untrusted search path vulnerability

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat

Missing XML Validation in Apache Tomcat

Improper Input Validation in Apache Tomcat

Integer Overflow or Wraparound in Apache Tomcat

Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

Apache Tomcat Cross-site scripting (XSS) vulnerability

Apache Tomcat Mishandles Character Sequence in Cookies

Exposure of Sensitive Information in Apache Tomcat

Cross-site scripting in Apache Tomcat

Apache Tomcat Buffer Over-Read

Apache Tomcat Reveals Directories

Apache Tomcat Leaks Pathname Information via Error Message

Apache Tomcat Leaks Information via Error Message

Tomcat uses trusted privileges when processing web.xml file

Apache Tomcat Reveals Path through Long URL

Apache Tomcat Vulnerable to Denial of Service (DoS) via Simultaneous Requests

Improper Input Validation in Apache Tomcat

Uncontrolled Resource Consumption in Apache Tomcat

Apache Tomcat is vulnerable to HTTP request-smuggling

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

Improper Access Control in Apache Tomcat

Deserialization of Untrusted Data in Apache Tomcat

Commons FileUpload Denial of service vulnerability

Apache Tomcat Unrestricted file upload vulnerability

Apache Tomcat Denial of Service vulnerability

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

System Property Disclosure in Apache Tomcat

Apache Tomcat vulnerable to SecurityManager bypass

Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request

Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

Inconsistent documentation in Apache Tomcat

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat

Incorrect Authorization in Apache Tomcat

Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption

HTTP Request Smuggling in Apache Tomcat

Missing Release of Resource after Effective Lifetime in Apache Tomcat

Apache Tomcat Race Condition vulnerability

Observable Discrepancy in Apache Tomcat

Improper Handling of Exceptional Conditions in Apache Tomcat

Improper Verification of Source of a Communication Channel in Apache Tomcat