>= 11.0.0-M1, < 11.0.3
CRITICAL 9.8 | CVE-2020-1938 | ⚠ KEV | Improper Privilege Management in Tomcat
>= 9.0.0, < 9.0.31
HIGH 8.1 | ⚠ KEV | tomcat7 - security update
>= 9.0.0.M1, < 9.0.1
HIGH 8.1 | ⚠ KEV | When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server
>= 7.0.0, < 7.0.79
MEDIUM 5.3 | ⚠ KEV | nghttp2 - security update
>= 11.0.0-M1, < 11.0.0-M12
CRITICAL 9.8 | Apache Tomcat - Digest authenticator will authenticate any unknown user
from 0, < 9.0.118
CRITICAL 9.8 | Apache Tomcat - HTTP/2 request headers not validated
from 0, < 9.0.118
CRITICAL 9.8 | Apache Tomcat Rewrite rule bypass
>= 9.0.76, < 9.0.104
CRITICAL 9.8 | Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
>= 11.0.0-M1, < 11.0.2
CRITICAL 9.8 | Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
>= 11.0.0-M1, < 11.0.2
CRITICAL 9.8 | Expected Behavior Violation in Apache Tomcat
>= 9.0.0.M1, < 9.0.0.M19
CRITICAL 9.8 | The default settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins
>= 9.0.0.M1, < 9.0.9
CRITICAL 9.6 | Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
>= 11.0.0-M1, < 11.0.11
CRITICAL 9.1 | Apache Tomcat - Security constraints not correctly applied
from 0, < 9.0.118
CRITICAL 9.1 | Apache Tomcat - Client certificate verification bypass
>= 11.0.0-M1, < 11.0.15
CRITICAL 9.1 | Exposure of Resource to Wrong Sphere in Apache Tomcat
>= 9.0.0.M1, < 9.0.0.M18
HIGH 8.4 | Apache Tomcat installer for Windows has an untrusted search path vulnerability
>= 11.0.0-M1, < 11.0.8
HIGH 8.1 | Apache Tomcat OS Command Injection vulnerability
>= 9.0.0.M1, < 9.0.17
HIGH 7.5 | Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling
from 0, < 9.0.118
HIGH 7.5 | Apache Tomcat: LockOutRealm treats user names as case-sensitive
from 0, < 9.0.118
HIGH 7.5 | Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve
>= 9.0.40, < 9.0.116
HIGH 7.5 | Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File
>= 9.0.13, < 9.0.117
HIGH 7.5 | Apache Tomcat has an HTTP Request/Response Smuggling vulnerability
>= 7.0.0, < 9.0.116
HIGH 7.5 | Apache Tomcat: Configured cipher preference order not preserved
>= 9.0.114, < 9.0.116
HIGH 7.5 | Apache Tomcat has an Improper Input Validation vulnerability
>= 11.0.0-M1, < 11.0.18
HIGH 7.5 | tomcat9 - security update
>= 11.0.0-M1, < 11.0.11
HIGH 7.5 | Apache Tomcat Improper Resource Shutdown or Release vulnerability
>= 11.0.0-M1, < 11.0.10
HIGH 7.5 | Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams
>= 8.5.0, <= 8.5.100
HIGH 7.5 | Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits
>= 11.0.0-M1, < 11.0.9
HIGH 7.5 | Apache Tomcat - DoS in multipart upload
>= 11.0.0-M1, < 11.0.8
HIGH 7.5 | Apache Tomcat - Security constraint bypass for pre/post-resources
>= 11.0.0-M1, < 11.0.8
HIGH 7.5 | Apache Tomcat Denial of Service via invalid HTTP priority header
>= 9.0.76, < 9.0.104
HIGH 7.5 | tomcat10 - security update
>= 11.0.0-M1, < 11.0.0-M21
HIGH 7.5 | Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
>= 8.5.0, < 8.5.99
HIGH 7.5 | tomcat9 - security update
>= 11.0.0-M1, < 11.0.0-M11
HIGH 7.5 | tomcat10 - security update
>= 11.0.0-M2, < 11.0.0-M5
HIGH 7.5 | Apache Tomcat vulnerable to information leak
>= 11.0.0-M5, < 11.0.0-M6
HIGH 7.5 | tomcat9 - security update
>= 10.1.0-M1, < 10.1.5
HIGH 7.5 | Apache Tomcat improperly escapes input from JsonErrorReportValve
>= 8.5.83, < 8.5.84
HIGH 7.5 | tomcat9 - security update
>= 8.5.0, < 8.5.83
HIGH 7.5 | tomcat9 - security update
>= 10.0.0-M1, < 10.0.0-M5
HIGH 7.5 | tomcat9 - security update
>= 10.0.0, < 10.0.2
HIGH 7.5 | Apache Tomcat Denial of Service vulnerability
>= 9.0.0, < 9.0.16
HIGH 7.5 | tomcat8 - security update
from 0, < 7.0.99
HIGH 7.5 | tomcat9 - security update
>= 9.0.0.M1, < 9.0.20
HIGH 7.5 | tomcat7 - security update
>= 9.0.0, < 9.0.10
HIGH 7.5 | tomcat8 - security update
>= 9.0.0.M9, < 9.0.8
HIGH 7.3 | Apache Tomcat - WebSocket authentication header exposure
from 0, < 9.0.118
HIGH 7.3 | tomcat11 - security update
>= 9.0.0.M1, < 9.0.105
HIGH 7.0 | Potential remote code execution in Apache Tomcat
>= 10.0.0-M1, < 10.0.2
HIGH 7.0 | tomcat7 - security update
>= 10.0.0-M1, < 10.0.0-M5
HIGH 7.0 | tomcat8 - security update
from 0, < 7.0.99
MEDIUM 6.5 | Apache Tomcat Request and/or response mix-up
>= 9.0.92, < 9.0.96
MEDIUM 6.5 | Apache Tomcat information exposure vulnerability
>= 9.0.0M1, < 9.0.5
MEDIUM 6.1 | Apache Tomcat has an Open Redirect vulnerability
>= 8.5.30, < 9.0.116
MEDIUM 6.1 | Apache Tomcat Open Redirect vulnerability
>= 8.5.0, < 8.5.93
MEDIUM 6.1 | tomcat7 - security update
>= 9.0.0, < 9.0.17
MEDIUM 5.9 | tomcat8 - security update
>= 10.0.0-M1, < 10.0.0-M10
MEDIUM 5.9 | Apache Tomcat Race Condition vulnerability
>= 9.0.0.M9, < 9.0.10
MEDIUM 5.9 | tomcat8 - security update
>= 9.0.0, < 9.0.5
MEDIUM 5.3 | Apache Tomcat has an Improper Input Validation vulnerability
>= 9.0.113, < 9.0.116
MEDIUM 5.3 | Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
>= 11.0.0-M1, < 11.0.12
MEDIUM 5.3 | tomcat9 - security update
>= 8.5.7, < 8.5.64
MEDIUM 5.3 | Apache Tomcat Improper Input Validation vulnerability
>= 11.0.0-M1, < 11.0.0-M12
MEDIUM 5.3 | Apache Tomcat Incomplete Cleanup vulnerability
>= 11.0.0-M1, < 11.0.0-M12
MEDIUM 4.8 | tomcat8 - security update
>= 7.0.98, < 7.0.100
MEDIUM 4.8 | Potential HTTP request smuggling in Apache Tomcat
from 0, < 7.0.100
MEDIUM 4.3 | tomcat8 - security update
>= 8.5.0, < 8.5.34
LOW 3.7 | Apache Tomcat - AJP secret compared in non-constant time
from 0, < 9.0.118
LOW 3.7 | Apache Tomcat - Security constraint bypass with HTTP/0.9
>= 11.0.0-M1, < 11.0.15
— | Denial of service in Apache Tomcat
>= 8.0.0-RC1, < 8.0.4
— | tomcat5.5
>= 5.5.9, < 5.5.27