Apache Tomcat — Vulnerabilities & Security Advisories (110)

All 110 CVE vulnerabilities found in Apache Tomcat, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-46701 | Apache Tomcat: Security constraint bypass for CGI scripts | CWE-178 | 9.1 (AI) | Critical (AI) | 2025-05-29 |
| CVE-2025-31651 | Apache Tomcat: Bypass of rules in Rewrite Valve | CWE-116 | 9.1 (AI) | Critical (AI) | 2025-04-28 |
| CVE-2025-31650 | Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame | CWE-459 | 7.5 (AI) | High (AI) | 2025-04-28 |
| CVE-2025-24813 | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | CWE-44 | 8.8 | - | 2025-03-10 |
| CVE-2024-56337 | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete | CWE-367 | 8.1 | - | 2024-12-20 |
| CVE-2024-54677 | Apache Tomcat: DoS in examples web application | CWE-400 | 7.5 | - | 2024-12-17 |
| CVE-2024-50379 | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation | CWE-367 | 8.1 | - | 2024-12-17 |
| CVE-2024-52318 | Apache Tomcat: Incorrect JSP tag recycling leads to XSS | | 8.2 | - | 2024-11-18 |
| CVE-2024-52317 | Apache Tomcat: Request/response mix-up with HTTP/2 | | 5.3 (AI) | Medium (AI) | 2024-11-18 |
| CVE-2024-52316 | Apache Tomcat: Authentication bypass when using Jakarta Authentication API | CWE-391 | 9.1 | - | 2024-11-18 |
| CVE-2024-38286 | Apache Tomcat: Denial of Service | CWE-770 | 8.6 | High | 2024-11-07 |
| CVE-2024-34750 | Apache Tomcat: HTTP/2 excess header handling DoS | CWE-755 | 5.3 (AI) | Medium (AI) | 2024-07-03 |
| CVE-2024-23672 | Apache Tomcat: WebSocket DoS with incomplete closing handshake | CWE-459 | 7.5 (AI) | High (AI) | 2024-03-13 |
| CVE-2024-24549 | Apache Tomcat: HTTP/2 header handling DoS | CWE-20 | 7.5 (AI) | High (AI) | 2024-03-13 |
| CVE-2024-21733 | Apache Tomcat: Leaking of unrelated request bodies in default error page | CWE-209 | 7.5 | - | 2024-01-19 |
| CVE-2023-46589 | Apache Tomcat: HTTP request smuggling via malformed trailer headers | CWE-444 | 7.5 | - | 2023-11-28 |
| CVE-2023-45648 | Apache Tomcat: Trailer header parsing too lenient | CWE-20 | 7.5 | - | 2023-10-10 |
| CVE-2023-42795 | Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests | CWE-459 | 5.3 | - | 2023-10-10 |
| CVE-2023-42794 | Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows | CWE-459 | 7.5 | - | 2023-10-10 |
| CVE-2023-41080 | Apache Tomcat: Open redirect with FORM authentication | CWE-601 | 6.1 | - | 2023-08-25 |
| CVE-2023-34981 | Apache Tomcat: AJP response header mix-up | | 7.5 | - | 2023-06-21 |
| CVE-2023-28709 | Apache Tomcat: Fix for CVE-2023-24998 is incomplete | CWE-193 | 7.5 | - | 2023-05-22 |
| CVE-2023-28708 | Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations | CWE-523 | 6.5 | - | 2023-03-22 |
| CVE-2022-45143 | Apache Tomcat: JsonErrorReportValve escaping | CWE-116 | 7.5 | - | 2023-01-03 |
| CVE-2022-42252 | Apache Tomcat request smuggling via malformed content-length | CWE-444 | 8.2 | - | 2022-11-01 |
| CVE-2021-43980 | Apache Tomcat: Information disclosure | CWE-362 | 3.7 | - | 2022-09-28 |
| CVE-2022-34305 | XSS in examples web application | CWE-79 | 6.1 | - | 2022-06-23 |
| CVE-2022-25762 | Response mix-up with WebSocket concurrent send and close | CWE-404 | 9.4 | - | 2022-05-13 |
| CVE-2022-29885 | EncryptInterceptor does not provide complete protection on insecure networks | CWE-400 | 7.5 | - | 2022-05-12 |
| CVE-2022-23181 | Local privilege escalation with FileStore | CWE-367 | 7.0 | - | 2022-01-27 |