261 matches found
CVE-2024-34750
CVE-2024-34750 affects Apache Tomcat across multiple lines of the 9.x, 10.x, and 11.x series, where improper handling of HTTP/2 streams leads to miscounting active streams and the use of an infinite timeout, allowing connections to remain open. Root cause: during HTTP/2 processing, Tomcat fails t...
CVE-2024-52316
CVE-2024-52316 is an Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat uses a custom Jakarta Authentication (JASPIC) ServerAuthContext component that throws during authentication without setting an HTTP failure status, authentication may bypass controls. Affected ranges include ...
CVE-2025-46701
CVE-2025-46701 affects Apache Tomcat GCI servlet; security constraint bypass via pathInfo handling. Public advisories confirm affected branches: Tomcat 11.x up to 11.0.6, 10.x up to 10.1.40, 9.x up to 9.0.104. Remediation versions listed: 11.0.7, 10.1.41, 9.0.105. Debian/DSA and Amazon Linux advi...
CVE-2023-42795
CVE-2023-42795 is an Apache Tomcat Incomplete Cleanup vulnerability. When recycling internal objects during request handling, Tomcat could skip parts of the recycling process, causing information leakage from the current request/response to the next. Affected versions include 11.0.0-M1 through 11...
CVE-2022-34305
CVE-2022-34305 affects Apache Tomcat across multiple tracks: 10.1.0-M1..M16, 10.0.0-M1..10.0.22, 9.0.30..9.0.64, and 8.5.50..8.5.81, where the Form authentication example in the sample web app exposes XSS by displaying unsanitized user input. Root cause: user-provided data in the example form is ...
CVE-2023-28708
CVE-2023-28708 affects Apache Tomcat where RemoteIpFilter processed requests from reverse proxies with X-Forwarded-Proto: https, causing session cookies to be set without the secure attribute across several lines of Tomcat releases (8.5.0–8.5.85, 9.0.0-M1–9.0.71, 10.1.0-M1–10.1.5, 11.0.0-M1–11.0....
CVE-2022-23181
CVE-2022-23181 is a TOCTTOU vulnerability introduced by the fix for CVE-2020-9484 in Apache Tomcat when the server persists sessions using FileStore. It is exploitable by a local attacker who can perform actions with the Tomcat process user privileges. Affected ranges (per the sources) include To...
CVE-2019-0199
The CVE-2019-0199 entry concerns Apache Tomcat’s HTTP/2 implementation. Affected products/versions: Tomcat 9.0.0.M1–9.0.14 and 8.5.0–8.5.37 (per public advisories) allowed streams to accumulate excessive SETTINGS frames and kept streams open when using Servlet API blocking I/O. Root cause: improp...
CVE-2023-45648
CVE-2023-45648 describes an improper input validation in Apache Tomcat where HTTP trailer headers were not parsed correctly. A crafted trailer header could cause Tomcat to treat a single request as multiple requests, enabling potential request smuggling when deployed behind a reverse proxy. Affec...
CVE-2022-29885
CVE-2022-29885 concerns Apache Tomcat EncryptInterceptor documentation, which incorrectly claimed clustering over untrusted networks. The vulnerability does not enable additional risks via DoS over untrusted networks; rather it exposes DoS risks that EncryptInterceptor does not guard against. Aff...
CVE-2021-43980
CVE-2021-43980 affects Apache Tomcat 8.5.0–8.5.77, 9.0.0-M1–9.0.60, 10.0.0-M1–10.0.18, and 10.1.0–10.1.0-M12. The issue arises from a simplified blocking I/O path that shares an Http11Processor between clients, potentially causing responses or partial responses to be delivered to the wrong client...
CVE-2022-45143
CVE-2022-45143 affects Apache Tomcat: the JsonErrorReportValve failed to escape type, message, or description fields, which could be constructed from user data and allow manipulation of JSON output. Affected versions include Tomcat 8.5.83, 9.0.40–9.0.68, and 10.1.0-M1–10.1.1. The issue’s impact i...
CVE-2018-1304
Apache Tomcat vulnerability CVE-2018-1304 arises from incorrect handling of the empty string URL pattern ("") in security constraint processing, allowing unauthorized access to protected resources. Affected versions: Tomcat 9.0.0.M1–9.0.4, 8.5.0–8.5.27, 8.0.0.RC1–8.0.49, and 7.0.0–7.0.84. This is...
CVE-2017-5648
CVE-2017-5648 is described across connected advisories as a vulnerability in Apache Tomcat where calls to application listeners did not use the appropriate facade object. Under a SecurityManager, an untrusted application could retain a reference to the request or response and access/modify inform...
CVE-2017-5647
CVE-2017-5647 is a Tomcat pipeline handling bug affecting multiple major Tomcat lines (7.x/8.x/9.x) where pipelined requests with Sendfile could be misassociated, causing responses to appear for wrong requests or omissions. Technical description from Debian/CentOS advisories confirms the issue st...
CVE-2017-5664
CVE-2017-5664 affects Apache Tomcat and concerns the error page mechanism. The DefaultServlet failed to forward error pages with the original request method across multiple releases (Tomcat 9.0.0.M1–9.0.0.M20, 8.5.0–8.5.14, 8.0.0.RC1–8.0.43, 7.0.0–7.0.77), which could lead to unexpected results f...
CVE-2016-8745
CVE-2016-8745 describes a bug in Tomcat’s NIO HTTP connector error handling that could allow information leakage between requests. A Processor object could be added to the Processor cache multiple times, enabling the same Processor to service concurrent requests and potentially expose session IDs...
CVE-2007-0450
CVE-2007-0450 is a directory traversal vulnerability affecting Apache Tomcat (and Tomcat behind certain Apache proxies) where a crafted URI containing a dot-dot sequence and mixed separators (/, , and %5C) can cause unauthorized disclosure of arbitrary files. Affected products/versions include To...
CVE-2024-38286
The CVE-2024-38286 entry describes an Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat that, under certain configurations, allows an attacker to trigger an OutOfMemoryError by abusing the TLS handshake. Affected versions include Tomcat 11.0.0-M1 through 11.0.0-M...
CVE-2018-1305
Apache Tomcat contains CVE-2018-1305, where security constraints defined by Servlet annotations were only applied after a Servlet load, potentially allowing unauthorized access to resources depending on the order of loading. Affected releases span 7.0.0–7.0.84, 8.0.0.RC1–8.0.49, 8.5.0–8.5.27, and...
CVE-2018-8037
CVE-2018-8037 affects Apache Tomcat 9.0.0.M9–9.0.9 and 8.5.5–8.5.31. The issue is a race condition where an async request completes as the container times out, plus a related NIO/NIO2 connector closure-tracking bug, which could cause a user to receive a response intended for another user. Impact ...
CVE-2021-41079
CVE-2021-41079 affects Apache Tomcat when TLS is configured with NIO/NIO2 and OpenSSL. Multiple sources confirm: Tomcat versions 8.5.0–8.5.63, 9.0.0-M1–9.0.43, and 10.0.0-M1–10.0.2 fail to properly validate incoming TLS packets, allowing a specially crafted TLS packet to trigger an infinite loop ...
CVE-2016-6816
CVE-2016-6816 affects multiple Tomcat branches (9.0.0.M1–M11, 8.5.0–8.5.6, 8.0.0.RC1–8.0.38, 7.0.0–7.0.72, 6.0.0–6.0.47). The vulnerability arises from parsing the HTTP request line with invalid characters, which could be combined with a proxy interpreting those chars differently to inject data i...
CVE-2017-7674
CVE-2017-7674 affects Apache Tomcat where the CORS Filter failed to add a Vary: Origin header, enabling potential cache poisoning. Affected product ranges include Tomcat 7.x, 8.x, and 9.x across multiple minor releases. The issue is documented in various advisories (Debian, Red Hat/CentOS, AWS AL...
CVE-2016-6325
CVE-2016-6325 affects Red Hat Enterprise Linux (RHEL) 5–7, JBoss Web Server 3.0, and JBoss EWS 2, where insecure permissions on /etc/sysconfig/tomcat and /etc/tomcat/tomcat.conf allow local privilege escalation through tomcat group membership. Affected entries describe the root cause as insecure ...
CVE-2016-5388
The CVE-2016-5388 issue affects Apache Tomcat (CGI Servlet enabled) where Proxy header handling exposes HTTP_PROXY data to CGI scripts, enabling redirection of outbound requests to a attacker-controlled proxy (httpoxy). Public advisories across multiple distributions confirm Tomcat 7.x up to 7.0....
CVE-2017-12616
CVE-2017-12616 affects Apache Tomcat 7.0.0–7.0.80 with VirtualDirContext, enabling bypass of security constraints and viewing JSP source via a crafted request. Affected products/versions are documented in multiple advisories; remediation is to upgrade to a newer Tomcat 7.x release (e.g., Debian/R...
CVE-2024-21733
CVE-2024-21733 affects Apache Tomcat 8.5.7–8.5.63 and 9.0.0-M11–9.0.43, where error responses may disclose sensitive information from unrelated requests on the default error page. Upgrade to Tomcat 8.5.64+ or 9.0.44+ to fix. A public PoC exploit exists (GitHub: https://github.com/LtmThink/CVE-202...
CVE-2025-49125
CVE-2025-49125 describes an Authentication Bypass via an Alternate Path or Channel in Apache Tomcat. Affected: Tomcat 11.0.0-M1–11.0.7, 10.1.0-M1–10.1.41, 9.0.0.M1–9.0.105; EOL versions (e.g., 8.5.x) may also be affected. Upstream fix advised: upgrade to Tomcat 11.0.8, 10.1.42 or 9.0.106. The CVS...
CVE-2023-42794
CVE-2023-42794 is an Incomplete Cleanup vulnerability in Apache Tomcat’s internal Commons FileUpload fork. It affects Tomcat 9.0.70–9.0.80 and 8.5.85–8.5.93; a partially refactored, unreleased code path could leave an uploaded file stream open if not closed, causing the file to remain on disk and...
CVE-2025-48988
CVE-2025-48988 is a resource-allocation DoS vulnerability in Apache Tomcat. The flaw enables uncontrolled resource consumption (allocation without limits/throttling) and affects Tomcat 11.0.0-M1–11.0.7, 10.1.0-M1–10.1.41, and 9.0.0.M1–9.0.105 (including older EOL variants). Upstream fixes exist: ...
CVE-2016-5425
CVE-2016-5425 describes a local privilege escalation in Tomcat packages on RHEL7, Fedora, CentOS, Oracle Linux, and similar distros due to weak permissions on /usr/lib/tmpfiles.d/tomcat.conf. Local users in the tomcat group can exploit this to gain root privileges via systemd-tmpfiles handling. T...
CVE-2016-0714
The CVE-2016-0714 entry concerns the Tomcat session-persistence mechanism. In Apache Tomcat versions affected (6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2), the session-persistence implementation mishandles session attributes, allowing remote authenticated use...
CVE-2023-34981
CVE-2023-34981 affects Apache Tomcat: a regression in the fix for bug 66512 causes no AJP SEND_HEADERS to be sent when a response has no HTTP headers, allowing an information leak via proxies (e.g., mod_proxy_ajp) leaking headers from a previous request. The initial description lists affected Tom...
CVE-2016-5018
CVE-2016-5018 affects multiple Tomcat branches (9.0.0.M1–M9, 8.5.0–8.5.4, 8.0.0.RC1–8.0.36, 7.0.0–7.0.70, 6.0.0–6.0.45). The vulnerability allows a malicious web application to bypass a configured SecurityManager via a Tomcat utility method that is accessible to web applications, enabling bypass ...
CVE-2015-5346
CVE-2015-5346 (Tomcat) describes a session-fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2. When different session settings are used for deployments of multiple versions of the same web application, an attacker could hijack a user session by e...
CVE-2002-2272
CVE-2002-2272 affects Tomcat 4.0–4.1.12 when using mod_jk 1.2.1 with Apache 1.3–1.3.27. A remote attacker can cause a denial of service by sending an HTTP GET request that uses a Transfer-Encoding chunked field with invalid values, leading to desynchronized communications between Apache and Tomca...
CVE-2005-2090
CVE-2005-2090 affects Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0): it enables HTTP Request Smuggling via a request containing both Transfer-Encoding: chunked and Content-Length, causing the body to be mis‑interpreted and processed as a new request. This issue is noted to hav...
CVE-2014-0230
CVE-2014-0230 affects Apache Tomcat: 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9. The issue occurs when an HTTP response is sent before the server finishes reading the entire request body, enabling remote attackers to trigger a denial-of-service via a series of aborted upload attem...
CVE-2007-1858
CVE-2007-1858 affects Apache Tomcat 4.1.28–4.1.31, 5.0.0–5.0.30, and 5.5.0–5.5.17 where the default SSL cipher configuration uses insecure ciphers (including anonymous), enabling remote attackers to obtain sensitive information or cause other impacts. Connected sources confirm Tomcat security upd...
CVE-2024-52318
CVE-2024-52318 is an Apache Tomcat vulnerability described as an incorrect object recycling and reuse issue. It affects Tomcat 11.0.0, 10.1.31, and 9.0.96. The documented fix is to upgrade to Tomcat 11.0.1, 10.1.32, or 9.0.97, which addresses the issue. Connection documents confirm the affected p...
CVE-2015-5174
Summary: CVE-2015-5174 is a directory traversal vulnerability in Apache Tomcat’s RequestUtil.java that affects Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27. A remote authenticated user could bypass SecurityManager restrictions and list a parent directory by using a /.. seque...
CVE-2024-52317
CVE-2024-52317 : In Apache Tomcat, an incorrect object re-cycling and re-use vulnerability affects HTTP/2 requests. The root cause is improper recycling of request/response objects, which can lead to mixing of requests/responses between users. Affected versions include Tomcat 11.0.0-M23 to 11.0.0...
CVE-2016-6797
CVE-2016-6797 stems from Apache Tomcat’s ResourceLinkFactory not restricting web app access to global JNDI resources, allowing a web application to access any global JNDI resource regardless of explicit ResourceLink. Affects Tomcat 6.x/7.x/8.x/9.x releases listed in the entry (various 6.0–9.0 lin...
CVE-2026-25854
CVE-2026-25854 is an Open Redirect vulnerability in Apache Tomcat caused by the LoadBalancerDrainingValve. Affected versions include Tomcat 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M23 through 9.0.115, and 8.5.30 through 8.5.100. The issue allows occasional redirection to untru...
CVE-2021-30639
Apache Tomcat CVE-2021-30639 describes a DoS vulnerability caused by improper error handling during non-blocking I/O, where the error flag on a Request object isn’t reset between requests. This can allow a remote attacker to trigger non-blocking I/O errors (e.g., by dropping connections) and caus...
CVE-2024-54677
CVE-2024-54677 describes an Uncontrolled Resource Consumption vulnerability in the Tomcat examples web application that can lead to denial of service. Affected products and versions include Tomcat 9.x (9.0.0.M1–9.9.97), 10.x (10.1.0-M1–10.1.33), and 11.x (11.0.0-M1–11.0.1), with older EOL release...
CVE-2014-7810
Summary: CVE-2014-7810 affects the EL implementation in Apache Tomcat. The vulnerability arises when the EL evaluator may evaluate against an interface that is accessible via an inaccessible class, allowing bypass of SecurityManager protections in a web application. Affected products/versions (pe...
CVE-2012-3544
CVE-2012-3544 detail (Tomcat): Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 fails to properly handle chunk extensions in chunked transfer coding, allowing remote attackers to trigger a denial-of-service by streaming data. Affected: Tomcat 6.x up to 6.0.36, Tomcat 7.x up to 7.0.29. Impact...
CVE-2015-5345
CVE-2015-5345 affects the Tomcat Mapper component: redirects are processed before security constraints/Filters, enabling a remote attacker to determine the existence of a directory via a URL that lacks a trailing slash. Affected upstream versions are Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8...