Apache Tomcat — Vulnerabilities & Security Advisories (110)

All 110 CVE vulnerabilities found in Apache Tomcat, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

CVE ID | Title | CWE | CVSS | Severity | Published
CVE-2026-43515 | Apache Tomcat: Security constraints not correctly applied | CWE-285 | - | - | 2026-05-12
CVE-2026-43514 | Apache Tomcat: AJP secret compared in non-constant time | CWE-208 | - | - | 2026-05-12
CVE-2026-43513 | Apache Tomcat: LockOutRealm treats user names as case-sensitive | CWE-178 | - | - | 2026-05-12
CVE-2026-43512 | Apache Tomcat: Digest authenticator will authenticate any unknown user | CWE-592 | - | - | 2026-05-12
CVE-2026-41293 | Apache Tomcat: HTTP/2 request headers not validated | CWE-20 | - | - | 2026-05-12
CVE-2026-42498 | Apache Tomcat: WebSocket authentication header exposure | CWE-200 | - | - | 2026-05-12
CVE-2026-41284 | Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling | CWE-770 | - | - | 2026-05-12
CVE-2026-34500 | Apache Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled | - | 8.1 (AI) | High (AI) | 2026-04-09
CVE-2026-34487 | Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token | CWE-532 | 7.5 (AI) | High (AI) | 2026-04-09
CVE-2026-34486 | Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor | CWE-311 | 7.5 (AI) | High (AI) | 2026-04-09
CVE-2026-34483 | Apache Tomcat: Incomplete escaping of JSON access logs | CWE-116 | 9.8 (AI) | Critical (AI) | 2026-04-09
CVE-2026-32990 | Apache Tomcat: Fix for CVE-2025-66614 is incomplete | CWE-20 | 9.1 (AI) | Critical (AI) | 2026-04-09
CVE-2026-29146 | Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default | - | 9.1 (AI) | Critical (AI) | 2026-04-09
CVE-2026-29145 | Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled | - | 9.8 (AI) | Critical (AI) | 2026-04-09
CVE-2026-29129 | Apache Tomcat: TLS cipher order is not preserved | - | 7.5 (AI) | High (AI) | 2026-04-09
CVE-2026-25854 | Apache Tomcat: Occasionally open redirect | CWE-601 | 6.1 (AI) | Medium (AI) | 2026-04-09
CVE-2026-24880 | Apache Tomcat: Request smuggling via invalid chunk extension | CWE-444 | 9.1 (AI) | Critical (AI) | 2026-04-09
CVE-2026-24733 | Apache Tomcat: Security constraint bypass with HTTP/0.9 | CWE-20 | 7.5 (AI) | High (AI) | 2026-02-17
CVE-2025-66614 | Apache Tomcat: Client certificate verification bypass due to virtual host mapping | CWE-20 | 9.8 (AI) | Critical (AI) | 2026-02-17
CVE-2025-61795 | Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS | CWE-404 | 7.5 | - | 2025-10-27
CVE-2025-55752 | Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled | CWE-23 | 9.8 (AI) | Critical (AI) | 2025-10-27
CVE-2025-55754 | Apache Tomcat: console manipulation via escape sequences in log messages | CWE-150 | 8.8 | - | 2025-10-27
CVE-2025-55668 | Apache Tomcat: session fixation via rewrite valve | CWE-384 | 9.8 | - | 2025-08-13
CVE-2025-48989 | Apache Tomcat: h2 DoS - Made You Reset | CWE-404 | 7.5 (AI) | High (AI) | 2025-08-13
CVE-2025-53506 | Apache Tomcat: DoS via excessive h2 streams at connection start | CWE-400 | 7.5 | - | 2025-07-10
CVE-2025-52520 | Apache Tomcat: DoS via integer overflow in multipart file upload | CWE-190 | 7.5 | - | 2025-07-10
CVE-2025-52434 | Apache Tomcat: APR/Native Connector crash leading to DoS | CWE-362 | 8.1 | - | 2025-07-10
CVE-2025-49124 | Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows | CWE-426 | 7.8 (AI) | High (AI) | 2025-06-16
CVE-2025-49125 | Apache Tomcat: Security constraint bypass for pre/post-resources | CWE-288 | 9.1 | - | 2025-06-16
CVE-2025-48988 | Apache Tomcat: FileUpload large number of parts with headers DoS | CWE-770 | 7.5 | - | 2025-06-16