Severity | Score | Advisory | Affected versions
CRITICAL | 9.8 | CVE-2026-41293 Apache Tomcat: HTTP/2 request headers not validated | from 0, < 9.0.118
CRITICAL | 9.8 | CVE-2026-43512 Apache Tomcat: Digest authenticator will authenticate any unknown user | from 0, < 9.0.118
CRITICAL | 9.8 | pound - security update | >= 7.0.0, < 7.0.10
CRITICAL | 9.6 | Apache Tomcat: console manipulation via escape sequences in log messages | >= 11.0.0-M1, < 11.0.11
CRITICAL | 9.1 | Apache Tomcat: Security constraints not correctly applied | from 0, < 9.0.118
CRITICAL | 9.1 | Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled | >= 9.0.83, < 9.0.116
CRITICAL | 9.1 | Apache Tomcat: Client certificate verification bypass due to virtual host mapping | >= 11.0.0-M1, < 11.0.15
HIGH | 8.8 | Apache Tomcat allows remote attackers to bypass a CSRF protection mechanism by using a token | from 0, < 7.0.68
HIGH | 8.8 | Improper Access Control in Apache Tomcat | >= 9.0.0.M1, < 9.0.0.M2
HIGH | 8.6 | Response mix-up with WebSocket concurrent send and close | >= 8.5.0, < 8.5.75
HIGH | 8.4 | Apache Tomcat: exe side-loading via icacls.exe in Tomcat installer for Windows | >= 11.0.0-M1, < 11.0.8
HIGH | 8.1 | Improper Neutralization of Input During Web Page Generation in Apache Tomcat | >= 9.0.0.M1, < 9.0.0.M2
HIGH | 7.8 | User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of privileges | from 0, < 8.0.53
HIGH | 7.5 | Apache Tomcat: LockOutRealm treats user names as case-sensitive | from 0, < 9.0.118
HIGH | 7.5 | Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling | from 0, < 9.0.118
HIGH | 7.5 | Apache Tomcat: Incomplete escaping of JSON access logs | >= 9.0.40, < 9.0.116
HIGH | 7.5 | Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor | >= 11.0.20, < 11.0.21
HIGH | 7.5 | Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token | >= 9.0.13, < 9.0.117
HIGH | 7.5 | Apache Tomcat: TLS cipher order is not preserved | >= 9.0.114, < 9.0.116
HIGH | 7.5 | Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default | >= 9.0.13, < 9.0.116
HIGH | 7.5 | Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled | >= 11.0.0-M1, < 11.0.11
HIGH | 7.5 | Apache Tomcat does not enforce the maxHttpHeaderSize limit | >= 6.0.0, < 6.0.32
HIGH | 7.5 | Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat | >= 9.0.0.M1, < 9.0.0.M12
HIGH | 7.5 | tomcat8 - security update | >= 9.0.0.M1, < 9.0.0.M19
HIGH | 7.5 | Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request | >= 8.5.7, < 8.5.10
HIGH | 7.5 | Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat | >= 9.0.0.M1, < 9.0.0.M22
HIGH | 7.5 | tomcat7 - security update | >= 9.0.0.M1, < 9.0.0.M21
HIGH | 7.5 | Improper Resource Shutdown or Release in Apache Tomcat | >= 9.0.0.M1, < 9.0.0.M19
HIGH | 7.5 | Apache Tomcat vulnerable to SecurityManager bypass | >= 9.0.0.M1, < 9.0.0.M10
HIGH | 7.5 | Incorrect Authorization in Apache Tomcat | >= 9.0.0.M1, < 9.0.0.M10
HIGH | 7.5 | EncryptInterceptor does not provide complete protection on insecure networks | >= 10.1.0-M1, < 10.1.0-M15
HIGH | 7.5 | tomcat9 - security update | >= 10.0.0-M1, < 10.0.0-M5
HIGH | 7.5 | Infinite Loop in Apache Tomcat | >= 10.0.0-M1, < 10.0.0-M7
HIGH | 7.5 | tomcat8 - security update | >= 10.0.0-M1, < 10.0.0-M6
HIGH | 7.5 | DoS via memory leak with WebSocket connections | >= 10.1.0-M1, < 10.1.0-M6
HIGH | 7.5 | Apache Tomcat DoS with unexpected TLS packet | >= 10.0.0, < 10.0.4
HIGH | 7.5 | DoS after non-blocking IO error | >= 10.0.3, < 10.0.5
HIGH | 7.3 | Apache Tomcat: WebSocket authentication header exposure | from 0, < 9.0.118
HIGH | 7.0 | Local privilege escalation with FileStore | >= 10.0.0, < 10.0.16
MEDIUM | 6.5 | Auth weakness in JNDIRealm | >= 10.0.0-M1, < 10.0.5
MEDIUM | 6.3 | Improper Verification of Source of a Communication Channel in Apache Tomcat | >= 7.0.0, < 7.0.68
MEDIUM | 6.1 | Apache Tomcat: Occasionally open redirect | >= 8.5.30, < 9.0.116
MEDIUM | 6.1 | Apache Tomcat: Open redirect with FORM authentication | >= 11.0.0-M1, < 11.0.0-M11
MEDIUM | 6.1 | XSS in examples web application | >= 10.1.0-M1, < 10.1.0-M17
MEDIUM | 5.9 | tomcat7 - security update | >= 9.0.0M1, < 9.0.0.M10
MEDIUM | 5.3 | Apache Tomcat: Fix for CVE-2025-66614 is incomplete | >= 9.0.113, < 9.0.116
MEDIUM | 5.3 | Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS | >= 11.0.0-M1, < 11.0.12
MEDIUM | 5.3 | Apache Tomcat: DoS in examples web application | >= 11.0.0-M1, < 11.0.2
MEDIUM | 5.3 | Apache Tomcat: Trailer header parsing too lenient | >= 11.0.0-M1, < 11.0.0-M12
MEDIUM | 5.3 | Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests | >= 9.0.0-M1, < 9.0.81
MEDIUM | 5.3 | tomcat5.5 - several | >= 4.1.0, < 4.1.40
MEDIUM | 5.3 | Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat | >= 9.0.0.M1, < 9.0.0.M2
MEDIUM | 5.3 | Inconsistent documentation in Apache Tomcat | >= 9.0.0.M22, < 9.0.2
MEDIUM | 5.3 | System Property Disclosure in Apache Tomcat | >= 6.0.0, < 6.0.47
MEDIUM | 5.3 | Incorrect Transfer-Encoding handling with HTTP/1.0 | >= 10.0.0-M1, < 10.0.7
MEDIUM | 4.8 | tomcat8 - security update | >= 7.0.98, < 7.0.100
MEDIUM | 4.8 | Potential HTTP request smuggling in Apache Tomcat | from 0, < 7.0.100
MEDIUM | 4.3 | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | >= 9.0.0.M1, < 9.0.0.M2
MEDIUM | 4.3 | tomcat8 - security update | >= 8.0.0-RC1, < 8.0.27
MEDIUM | 4.3 | tomcat8 - security update | >= 9.0.0.M1, < 9.0.0.M22
MEDIUM | 4.2 | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | >= 4.1.0, <= 4.1.39
LOW | 3.7 | Apache Tomcat: AJP secret compared in non-constant time | from 0, < 9.0.118
LOW | 3.7 | Apache Tomcat: Security constraint bypass with HTTP/0.9 | >= 11.0.0-M1, < 11.0.15
LOW | 3.7 | Apache Tomcat: Information disclosure | >= 8.5.0, < 8.5.78
— | — | Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests | >= 6.0.30, < 6.0.35
— | — | Deserialization of Untrusted Data in Apache Tomcat | from 0, < 7.0.39
— | — | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | >= 7.0.0, < 7.0.40
— | — | Apache Tomcat Allows Replacing of XML Parser | >= 7.0.0, < 7.0.17
— | — | Apache Tomcat does not follow ServletSecurity annotations | >= 7.0, < 7.0.11
— | — | Improper Authentication in Apache Tomcat | >= 5.5.0, < 5.5.36
— | — | Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users | >= 7.0.0, < 7.0.12
— | — | Authentication Bypass in Apache Tomcat | >= 6.0.0, < 6.0.36
— | — | Cross-Site Request Forgery in Apache Tomcat | >= 6.0.0, < 6.0.36
— | — | Improper Access Control in Apache Tomcat | >= 5.5.0, < 5.5.36
— | — | Improper Input Validation in Apache Tomcat | >= 5.5.0, < 5.5.35
— | — | Apache Tomcat allows remote attackers to bypass intended access restrictions | >= 7.0.0, < 7.0.10
— | — | Access control bypass in Apache Tomcat | >= 7.0.11, < 7.0.12
— | — | Access restriction bypass in Apache Tomcat | >= 7.0.12, < 7.0.14
— | — | Improper Neutralization of Input During Web Page Generation in Apache Tomcat | >= 7.0.0, < 7.0.5
— | — | Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header | >= 6.0.0, < 6.0.35
— | — | openjdk-6 - several | >= 7.0.0, < 7.0.7
— | — | Use of Hard-coded Cryptographic Key in Apache Tomcat | >= 5.5.0, < 5.5.34
— | — | Improper Authentication in Apache Tomcat | >= 5.5.0, < 5.5.34
— | — | Improper Input Validation in Apache Tomcat | from 0, < 5.5.34
— | — | Insertion of Sensitive Information into Log File in Apache Tomcat | >= 5.5.0, < 5.5.34
— | — | Apache Tomcat does not properly handle an invalid Transfer-Encoding header | >= 7.0.0, < 7.0.2
— | — | Improper Authentication in Apache Tomcat | >= 5.5.0, < 5.5.34
— | — | Apache Tomcat Allows Remote Attackers to Spoof AJP Requests | >= 7.0.0, < 7.0.21
— | — | tomcat6 - several | >= 5.5.0, < 5.5.34
— | — | tomcat6 - several | >= 7.0.0, < 7.0.4
— | — | tomcat6 - security update | from 0, < 6.0.39
— | — | tomcat7 - security update | >= 6.0.0, < 6.0.37
— | — | Improper Input Validation in Apache Tomcat | >= 6.0.33, < 6.0.38
— | — | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | from 0, < 6.0.39
— | — | Apache Tomcat Denial of Service vulnerability | from 0, < 6.0.39
— | — | Improper Authentication in Apache Tomcat | >= 6.0.21, < 6.0.37
— | — | Integer Overflow or Wraparound in Apache Tomcat | from 0, < 6.0.40
— | — | tomcat6 - security update | >= 6.0.0, < 6.0.42
— | — | Uncontrolled Resource Consumption in Apache Tomcat | >= 6.0.0, < 6.0.44
— | — | Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat | from 0, < 6.0.40