tomcat vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the tomcat package (https://archive.apache.org). This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • M
Information Exposure

[3.0,4.1.0]
  • M
Denial of Service (DoS)

[7.0.0,7.0.106)
  • H
Improper Access Control

[,6.0.47)[7.0.0,7.0.72)[8.0.0,8.0.37)[8.5.0,8.5.5)
  • H
CVE-2021-25329

[7.0.0,7.0.108)[8.5.0,8.5.63)[9.0.0,9.0.42)
  • M
Directory Traversal

[6.0.0,6.0.16]
  • M
CVE-2001-0917

[,4.0.1]
  • H
Out-of-Bounds

[8.5.1,8.5.57)[9.0.1,9.0.37)
  • M
Directory Traversal

[5.5.0,6.0.20]
  • M
Improper Input Validation

[,7.0.12)
  • M
Cross-site Scripting (XSS)

[4.1.24,5.0.19]
  • C
Remote Code Execution (RCE)

[,3.0.1)
  • M
Access Restriction Bypass

[,6.0.41)
  • H
Information Exposure

[,5.5.15]
  • M
HTTP Request Smuggling

[7.0.0,7.0.100)[8.5.0,8.5.51)[9.0.0,9.0.31)
  • C
XML External Entity (XXE) Injection

[,5.0.3)
  • H
Improper Authentication

[2.0,2.1]
  • M
CVE-2002-1148

[3.0,4.1.10]
  • M
Access Restriction Bypass

[,6.0.36)[7.0.0,7.0.30)
  • M
Cross-site Scripting (XSS)

[,5.0.2)
  • M
Directory Traversal

[,6.0.45)[7.0.0,7.0.65)[8.0.0,8.0.27)
  • M
Security Bypass

[7.0.79,7.0.83)[8.0.45,8.0.48)[8.5.16,8.5.24)
  • M
Cross-site Scripting (XSS)

[5.5.9,6.0.16]
  • L
Directory Traversal

[5.5.0,7.0.3]
  • H
Improper Input Validation

[,6.0.48)[7.0.0,7.0.73)[8.0.0,8.0.39)[8.5.0,8.5.8)
  • M
Resource Management Errors

[,5.5.35)[6.0.0,6.0.35)[7.0.0,7.0.23)
  • H
Improper Input Validation

[,6.0.35-1)[7.0.0,7.0.52-1)[7.0.0,7.0.56-3)[8.0.0,8.0.14-1)[8.0.0,8.0.32-1)
  • M
Arbitrary Code Execution

[3.0,3.1]
  • M
Access Restriction Bypass

[,6.0.45)[7.0.0,7.0.68)[8.0.0,8.0.32)
  • M
Improper Authentication

[7.0.0,7.0.109)[8.5.0,8.5.66)[9.0.0,9.0.46)[10.0.0,10.0.6)
  • M
Cross-site Scripting (XSS)

[4.1.0,6.0.16]
  • L
Information Exposure

[4.1.32,5.5.20]
  • M
CVE-2000-0759

[,3.1]
  • M
Denial of Service (DoS)

[,3.3.1)
  • H
Cross-site Scripting (XSS)

[,4.0.3]
  • H
Symlink Attack

[,6.0.35-1)[6.0.0,6.0.45)[7.0.0,7.0.28-4)[7.0.0,7.0.52-1)[7.0.0,7.0.56-3)[8.0.0,8.0.14-1)[8.0.0,8.0.32-1)[8.0.0,8.0.37-1)[8.0.0,8.0.38-2)
  • H
Information Exposure

[0,7.0.81)
  • M
Denial of Service (DoS)

[,4.0.3]
  • M
HTTP Request Smuggling

[,8.5.68)[9.0.0,9.0.48)[10.0.0,10.0.7)
  • L
Cross-site Scripting (XSS)

[0,5.5.25-1jpp.1.fc7)
  • H
Access Restriction Bypass

[,6.0.45)[7.0.0,7.0.68)[8.0.0,8.0.32)
  • M
Directory Traversal

[,3.1.1)
  • H
Improper Handling of Exceptional Conditions

[,8.5.65)[9.0.0,9.0.45)[10.0.0,10.0.5)
  • M
Access Restriction Bypass

[,7.0.11]
  • H
Arbitrary File Upload

[0,7.0.81)
  • H
Information Exposure

[0,8.5.11)
  • M
Security Features

[7.0.0,7.0.85)[8.0.0,8.0.50)[8.5.0,8.5.28)[9.0.0,9.0.5)
  • M
Cross-site Scripting (XSS)

[,5.5.7)
  • H
Out-of-Bounds

[0,8.5.8)
  • M
Symlink Attack

[0,)
  • L
Resource Management Errors

[,6.0.36)[7.0.0,7.0.28)
  • H
Access Restriction Bypass

[0,5.5.34)
  • H
Denial of Service (DoS)

[8.5.0,8.5.41)[9.0.1,9.0.20)
  • M
Access Restriction Bypass

[,7.0.11)
  • C
Information Exposure

[,7.0.76)[8.0.0,8.0.42)[8.5.0,8.5.12)
  • H
Insufficiently Protected Credentials

[7.0.0,7.0.98)[8.5.0,8.5.48)[9.0.0,9.0.29)
  • H
Denial of Service (DoS)

[,6.0.2)
  • M
Access Restriction Bypass

[7.0.12,7.0.13]
  • M
Improper Input Validation

[0,8.0.5)
  • M
Cross-site Scripting (XSS)

[,5.5.32)[6.0.0,6.0.30)[7.0.0,7.0.6)
  • H
Improper Input Validation

[,2.3)
  • M
CVE-2003-0042

[,3.3.1)
  • L
Information Exposure

[4.1.28,5.5.17]
  • H
Information Exposure

[,6.0.53)[7.0.0,7.0.77)[8.0.0,8.0.43)[8.5.0,8.5.13)
  • M
Access Restriction Bypass

[5.5.0,6.0.20]
  • M
Access Restriction Bypass

[,7.0.22)
  • M
Cross-site Scripting (XSS)

[3.3,3.3.2]
  • H
Denial of Service (DoS)

[7.0.27,7.0.105)[8.5.0,8.5.57)[9.0.1,9.0.37)
  • H
Session Fixation

[7.0.0,7.0.99)[8.5.0,8.5.50)[9.0.0,9.0.30)
  • M
Improper Data Handling

[,6.0.43)[7.0.0,7.0.55)[7.4.0.Final,7.4.6.Final)
  • M
Cross-site Scripting (XSS)

[,4.1.32)
  • C
Security Features

[7.0.41,7.0.89)[8.0.0,8.0.53)[8.5.0,8.5.32)[9.0.0,9.0.9)
  • M
Cross-site Request Forgery (CSRF)

[,5.0)
  • M
Information Exposure

[4.1.0,6.0.16]
  • M
Information Exposure

[4.1,6.0.15]
  • H
Directory Traversal

[0,8.5.16)
  • M
Directory Traversal

[4.1.0,6.0.18]
  • M
Access Restriction Bypass

[,6.0.47)[7.0.0,7.0.72)[8.0.0,8.0.37)[8.5.0,8.5.5)
  • H
Cross-site Request Forgery (CSRF)

[,7.0.68)[8.0.0,8.0.32)
  • M
Denial of Service (DoS)

[3.3,4.0.4]
  • M
Access Restriction Bypass

[,6.0.41)
  • H
Resource Management Errors

[0,8.5.13)
  • H
Security Features

[,6.0.47)[7.0.0,7.0.72)[8.0.0,8.0.37)[8.5.0,8.5.5)
  • M
Cross-site Scripting (XSS)

[,1.0]
  • M
CVE-2003-0043

[,3.3.1)
  • M
Cross-site Scripting (XSS)

[,4.1.37)
  • M
Denial of Service (DoS)

[,6.0.41)
  • M
Access Restriction Bypass

[,7.0.20)
  • M
Access Restriction Bypass

[,7.0.10)
  • M
Denial of Service (DoS)

[,5.5.35)[6.0.0,6.0.35)
  • H
Arbitrary File Upload

[,7.0.82)[8.0.0,8.0.47)[8.5.0,8.5.23)
  • H
Denial of Service (DoS)

[8.5.0,8.5.38)[9.0.1,9.0.15)
  • M
Information Exposure

[3.0,3.1]
  • M
Cross-site Scripting (XSS)

[6.0.12,7.0.4]
  • M
Information Exposure

[,6.0.39)
  • M
Improper Input Validation

[4.1.0,6.0.16]
  • M
Cross-site Scripting (XSS)

[0,5.5.25-1jpp.1.fc7)
  • H
Improper Input Validation

[8.5.0,8.5.64)[9.0.0,9.0.44)[10.0.0,10.0.3)
  • M
CVE-2001-0590

[,3.2.3)
  • M
Improper Access Control

[,6.0.44)[7.0.0,7.0.59)[8.0.0,8.0.17)
  • M
CVE-2002-2009

[,4.0.1]
  • M
Cross-site Scripting (XSS)

[3.0,3.3.1]
  • H
Command Injection

[7.0.0,7.0.94)[8.5.0,8.5.40)[9.0.1,9.0.19)
  • L
Information Exposure

[4.0.0,5.5.27]
  • M
Cross-site Scripting (XSS)

[4.0.0,4.1.36]
  • M
Denial of Service (DoS)

[,4.0.3]
  • H
Insufficiently Protected Credentials

[3.0,6.0.20]
  • M
Cross-site Scripting (XSS)

[2.3,4.0]
  • M
Information Exposure

[4.1.0,4.1.40)[5.5.0,5.5.28)[6.0.0,6.0.20)
  • M
Information Exposure

[,6.0.47)[7.0.0,7.0.72)[8.0.0,8.0.37)[8.5.0,8.5.5)
  • M
Cross-site Scripting (XSS)

[0,)
  • H
Improper Access Control

[6.0,6.0.47)[7.0,7.0.72)[8.0,8.5.5)
  • M
Directory Traversal

[4.1.0,6.0.16]
  • H
Security Features

[,7.0.78)[8.0.0,8.0.44)[8.5.0,8.5.15)
  • M
Improper Input Validation

[0,6.0.39)
  • M
Cross-site Scripting (XSS)

[,5.5.23)
  • H
CVE-2015-5346

[,7.0.67)[8.0.0,8.0.32)
  • H
Access Restriction Bypass

[,1.3.1)[7.0.0,7.0.52)[8.0.0,8.0.2)
  • M
Cross-site Scripting (XSS)

[5.0.0,5.5.17]
  • M
Improper Input Validation

[,6.0.39)
  • M
Improper Input Validation

[,5.5.34)[6.0.0,6.0.33)[7.0.0,7.0.19)
  • M
Improper Authentication

[,5.5.34)[6.0.0,6.0.33)[7.0.0,7.0.12)
  • M
Access Restriction Bypass

[5.5.9,6.0.15]
  • M
Denial of Service (DoS)

[,6.0.41)
  • L
Directory Traversal

[0,5.5.25-1jpp.1.fc8)
  • M
Access Restriction Bypass

[,5.5.34)[6.0.0,6.0.33)[7.0.0,7.0.12)
  • M
Resource Management Errors

[0,tomcat6-6.0.24-19.el6_0)
  • M
Cross-site Scripting (XSS)

[2.1,2.1.3]
  • M
Denial of Service (DoS)

[0,5.5.26-1jpp.1)
  • M
HTTP Request Smuggling

[7.0.98,7.0.100)[8.5.48,8.5.51)[9.0.28,9.0.31)
  • M
Remote Code Execution (RCE)

[,7.0.40)
  • L
Information Exposure

[5.5.0,6.0.26]
  • H
Insecure Default

[,8.0.53-29.32.1)(8.0.53-29.32.1,9.0.35-3.39.1)(9.0.35-3.39.1,9.0.35-3.57.3)
  • M
Out-of-Bounds

[,5.5.30)[6.0.0,6.0.28)
  • M
Improper Input Validation

[,6.0.36)[7.0.0,7.0.28)
  • M
Access Restriction Bypass

[,6.0.36)[7.0.0,7.0.32)
  • M
Cross-site Scripting (XSS)

[,3.2.1]
  • H
Improper Certificate Validation

[7.0.35,7.0.89)[8.0.0,8.0.53)[8.5.0,8.5.32)[9.0.1,9.0.10)
  • H
Resource Management Errors

[,6.0.44)[7.0.0,7.0.55)[8.0.0,8.0.9)
  • H
Denial of Service (DoS)

[8.5.0,8.5.56)[9.0.0,9.0.36)
  • M
Cross-site Scripting (XSS)

[4.1,6.0.16]
  • H
Remote Code Execution (RCE)

[5.1.0,5.1.1]
  • H
CVE-2021-25122

[8.5.0,8.5.63)[9.0.0,9.0.42)
  • M
Improper Input Validation

[,6.0.37)[7.0.0,7.0.30)
  • M
Cross-site Scripting (XSS)

[,4.1.40)
  • M
Improper Authentication

[,5.5.36)[6.0.0,6.0.36)[7.0.0,7.0.30)
  • M
Improper Access Control

[7.0.0,7.0.85)[8.0.0,8.0.50)[8.5.0,8.5.28)
  • M
Cross-site Scripting (XSS)

[0,5.5.25-1jpp.1.fc7)
  • M
Denial of Service (DoS)

[,4.1.3)
  • H
Security Features

[,6.0.47)[7.0.0,7.0.72)[8.0.0,8.0.37)[8.5.0,8.5.5)
  • H
Access Restriction Bypass

[,6.0.35-1)[6.0.0,6.0.45)[6.0.0,6.0.45)[7.0.0,7.0.28-4)[7.0.0,7.0.52-1)[7.0.0,7.0.56-3)[8.0.0,8.0.14-1)[8.0.0,8.0.32-1)[8.0.0,8.0.37-1)[8.0.0,8.0.38-2)
  • M
Information Exposure

[,4.0.3]
  • C
Server-side Request Forgery (SSRF)

[,5.2.0)
  • H
CVE-2002-1394

[4.0.0,4.1.10]
  • H
Improper Input Validation

[,7.0.70)[8.0.0,8.0.36)[8.5.0,8.5.3)
  • H
Deserialization of Untrusted Data

[7.0.0,7.0.108)[8.5.0,8.5.63)[9.0.1,9.0.43)
  • M
Cross-site Scripting (XSS)

[6.0,6.0.29]
  • L
Information Exposure

[4.0.1,4.1.36]
  • M
Information Exposure

[7.0.0,7.0.107)[8.5.0,8.5.60)[9.0.1,9.0.40)
  • H
Information Exposure

[4.1.15,4.1.40]
  • M
Race Condition

[8.5.5,8.5.32)[9.0.1,9.0.10)
  • M
Improper Input Validation

[,6.0.39)
  • H
Insecure Default

[0,)
  • H
Security Features

[,4)
  • M
Insufficient Verification of Data Authenticity

[,7.0.79)[8.0.0,8.0.45)[8.5.0,8.5.16)
  • L
Cross-site Scripting (XSS)

[,5.0)
  • L
Cross-site Scripting (XSS)

[,4.1.32)
  • H
Error Handling

[,6.0.50)[7.0.0,7.0.75)[8.0.0,8.0.41)[8.5.0,8.5.9)
  • M
Directory Traversal

[,6.0.45)[7.0.0,7.0.67)[8.0.0,8.0.30)
  • L
Information Exposure

[,5.5.34)[6.0.0,6.0.33)
  • M
Access Restriction Bypass

[4.1.0,5.5.0]
  • M
Directory Traversal

[5.5.0,6.0.20]
  • H
CVE-2001-1563

[,3.2.1]
  • M
Information Exposure

[0,5.5.25-1jpp.1.fc7)
  • M
Remote Code Execution (RCE)

[,5.0.2)
  • M
CVE-2006-3835

[,5.5.17)
  • M
Denial of Service (DoS)

[5.5.0,5.5.11]
  • M
Access Restriction Bypass

[,5.5.34)[6.0.0,6.0.33)[7.0.0,7.0.12)
  • M
Directory Traversal

[5.0.0,5.5.22)[6.0.0,6.0.10)
  • H
Denial of Service (DoS)

[,1.0.0)[7.0.28,8.0.0][8.0.0,8.0.52)[8.5.0,8.5.31)[9.0.1,9.0.8)
  • M
Open Redirect

[7.0.23,7.0.91)[8.5.0,8.5.34)[9.0.1,9.0.12)
  • L
Information Exposure

[0,7.0.40)
  • M
Information Exposure

[,6.0.45)[7.0.0,7.0.68)[8.0.0,8.0.32)
  • M
Access Restriction Bypass

[,5.5.36)[6.0.0,6.0.36)[7.0.0,7.0.30)
  • M
Cryptographic Issues

[,5.5.34)[6.0.0,6.0.33)[7.0.0,7.0.12)
  • M
Information Exposure

[3.2.3,3.2.4]
  • M
Denial of Service (DoS)

[4.0.0,4.0.6]
  • H
Information Exposure

[8.5.1,8.5.60)[9.0.1,9.0.36)
  • C
Improper Authentication

[,2.0]
  • M
Information Exposure

[0,6.0.35)
  • C
Improper Data Handling

[0,8.5.13)
  • C
Improper Access Control

[,6.0.48)[7.0.0,7.0.73)[8.0.0,8.0.39)[8.5.0,8.5.8)
  • M
Cross-site Scripting (XSS)

[7.0.0,7.0.94)[8.5.0,8.5.40)[9.0.1,9.0.19)
  • C
Improper Input Validation

[7.0.0,7.0.100)[8.5.0,8.5.51)[9.0.0,9.0.31)
  • M
CVE-2007-6286

[0,5.5.26-1jpp.1)
  • M
Information Exposure

[0,5.5.25-1jpp.1.fc7)
  • M
CVE-2020-13943

[,8.5.58)[9.0.0,9.0.38)[10.0.08,10.0.0-M8)
  • M
Cross-site Request Forgery (CSRF)

[,4.1.31]
  • M
Denial of Service (DoS)

[3.0,3.3.1]
  • M
Cross-site Request Forgery (CSRF)

[2.1,2.1.3]
  • M
Improper Authentication

[,6.0.37)[7.0.0,7.0.33)
  • M
Improper Authentication

[,5.5.36)[6.0.0,6.0.36)[7.0.0,7.0.30)
  • M
Improper Authentication

[,2.0.2)
  • M
CVE-2011-2481

[,7.0.17)
  • H
Out-of-Bounds

[4.0.0,4.1.12]