Search CVE reports

Toggle filters

1 – 10 of 125 results

CVE-2026-24734

Medium priority
Needs evaluation

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the...

5 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release
tomcat7 Not in release Not in release Needs evaluation
tomcat8 Not in release Not in release Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tomcat10 Needs evaluation Not in release
Show less packages

CVE-2026-24733

Medium priority
Needs evaluation

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could...

5 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release
tomcat7 Not in release Not in release Needs evaluation
tomcat8 Not in release Not in release Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tomcat10 Needs evaluation Not in release
Show less packages

CVE-2025-66614

Medium priority
Needs evaluation

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was...

5 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release
tomcat7 Not in release Not in release Needs evaluation
tomcat8 Not in release Not in release Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tomcat10 Needs evaluation Not in release
Show less packages

CVE-2025-31651

Medium priority

Some fixes available 2 of 9

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If...

5 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Vulnerable
tomcat10 Fixed Not in release Not in release
tomcat9 Not affected Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2025-31650

Medium priority

Some fixes available 1 of 2

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such...

5 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not affected
tomcat10 Fixed Not in release Not in release
tomcat9 Not affected Not affected Not affected Not affected
Show less packages

CVE-2025-24813

High priority

Some fixes available 8 of 9

Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects...

5 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not affected
tomcat10 Fixed Not in release Not in release
tomcat9 Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-56337

Medium priority
Vulnerable

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following...

5 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Needs evaluation
tomcat8 Not in release Not in release Not in release Vulnerable
tomcat10 Vulnerable Not in release Not in release
tomcat9 Not affected Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2024-54677

Low priority

Some fixes available 1 of 13

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through...

5 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Needs evaluation
tomcat8 Not in release Not in release Not in release Vulnerable
tomcat10 Fixed Not in release Not in release
tomcat9 Not affected Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2024-50379

Medium priority

Some fixes available 1 of 9

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write...

5 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not affected
tomcat10 Fixed Not in release Not in release
tomcat9 Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2024-52318

Medium priority
Ignored

Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.

5 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not affected
tomcat10 Not affected Not in release Not in release
tomcat9 Not affected Not affected Not affected Not affected
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON