>= 11.0.0-M1, < 11.0.3
CRITICAL9.8CVE-2016-8735⚠ KEVApache Tomcat Improper Access Control vulnerability from 0, < 6.0.48
HIGH8.1⚠ KEVtomcat7 - security update
>= 9.0.0.M1, < 9.0.1
CRITICAL9.8Apache Tomcat - Digest authenticator will authenticate any unknown user
from 0, < 9.0.118
CRITICAL9.8Apache Tomcat - HTTP/2 request headers not validated
from 0, < 9.0.118
CRITICAL9.8Apache Tomcat Rewrite rule bypass
>= 9.0.76, < 9.0.104
CRITICAL9.8Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
>= 11.0.0-M1, < 11.0.2
CRITICAL9.8Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
>= 11.0.0-M1, < 11.0.2
CRITICAL9.8Apache Tomcat - Authentication Bypass
from 0, < 9.0.96
CRITICAL9.6Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
>= 11.0.0-M1, < 11.0.11
CRITICAL9.1Apache Tomcat - Security constraints not correctly applied
from 0, < 9.0.118
CRITICAL9.1Apache Tomcat - Client certificate verification bypass
>= 11.0.0-M1, < 11.0.15
CRITICAL9.1Exposure of Resource to Wrong Sphere in Apache Tomcat
>= 9.0.0.M1, < 9.0.0.M18
HIGH8.4Apache Tomcat installer for Windows has an untrusted search path vulnerability
>= 11.0.0-M1, < 11.0.8
HIGH8.1tomcat8 - security update
>= 7.0.0, < 7.0.72
HIGH7.5Apache Tomcat: LockOutRealm treats user names as case-sensitive
from 0, < 9.0.118
HIGH7.5Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling
from 0, < 9.0.118
HIGH7.5Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve
>= 9.0.40, < 9.0.116
HIGH7.5Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File
>= 9.0.13, < 9.0.117
HIGH7.5tomcat9 - security update
>= 11.0.0-M1, < 11.0.11
HIGH7.5Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits
>= 11.0.0-M1, < 11.0.9
HIGH7.5Apache Tomcat - Security constraint bypass for pre/post-resources
>= 11.0.0-M1, < 11.0.8
HIGH7.5Apache Tomcat - DoS in multipart upload
>= 11.0.0-M1, < 11.0.8
HIGH7.5tomcat9 - security update
>= 11.0.0-M1, < 11.0.0-M11
HIGH7.5Apache Tomcat improperly escapes input from JsonErrorReportValve
>= 10.1.0, < 10.1.2
HIGH7.5tomcat7 - security update
>= 7.0.0, < 7.0.81
HIGH7.3Apache Tomcat - WebSocket authentication header exposure
from 0, < 9.0.118
HIGH7.3tomcat11 - security update
>= 9.0.0.M1, < 9.0.105
HIGH7.0tomcat7 - security update
>= 10.0.0-M1, < 10.0.0-M5
MEDIUM6.5Apache Tomcat Session Fixation vulnerability
>= 11.0.0-M1, < 11.0.8
MEDIUM6.1Apache Tomcat has an Open Redirect vulnerability
>= 8.5.30, < 9.0.116
MEDIUM6.1Apache Tomcat Open Redirect vulnerability
>= 10.1.0-M1, < 10.1.13
MEDIUM5.3Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
>= 11.0.0-M1, < 11.0.12
MEDIUM5.3Apache Tomcat Uncontrolled Resource Consumption vulnerability
>= 8.5.0, <= 8.5.100
MEDIUM5.3Apache Tomcat Incomplete Cleanup vulnerability
>= 11.0.0-M1, < 11.0.0-M12
MEDIUM4.3Apache Tomcat vulnerable to Unprotected Transport of Credentials
>= 11.0.0-M1, < 11.0.0-M3
LOW3.7Apache Tomcat - AJP secret compared in non-constant time
from 0, < 9.0.118
LOW3.7Apache Tomcat - Security constraint bypass with HTTP/0.9
>= 11.0.0-M1, < 11.0.15
—Improper Authentication in Apache Tomcat
>= 5.5.0, < 5.5.36
—Missing XML Validation in Apache Tomcat
from 0, < 6.0.40
—Improper Input Validation in Apache Tomcat
from 0, < 6.0.40