Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Web Server

Apache Tomcat

The Apache Tomcat is an open-source Java Servlet Container developed by the Apache Software Foundation (ASF). Tomcat implements several Java EE specifications including Java Servlet JavaServer Pages (JSP) Java EL and WebSocket and provides a quotpure Javaquot HTTP web server environment in which Java code can run.

Official Site:

http://tomcat.apache.org/

Severity Summary:

Critical: 10 High: 64 Medium: 129 Low: 14
Reference
Title
Severity
CVE-2017-5648
Apache Tomcat Exposure of Resource to Wrong Sphere Vulnerability
Critical
CVE-2016-8735
Apache Tomcat Vulnerability
Critical
CVE-2018-8014
Apache Tomcat Insecure Default Initialization of Resource Vulnerability
Critical
CVE-2024-50379
Time-of-Check Time-of-Use (TOCTOU) Vulnerability
Critical
CVE-2016-5018
Apache Tomcat Insufficient Information Vulnerability
Critical
CVE-2017-5651
Apache Tomcat Vulnerability
Critical
CVE-2020-1938
Apache Tomcat Other Vulnerability
Critical
CVE-2024-56337
Time-of-Check Time-of-Use (TOCTOU) Vulnerability
Critical
CVE-2025-24813
Apache Tomcat Use of Incorrectly-Resolved Name or Reference Vulnerability
Critical
CVE-2025-31651
Apache Tomcat Improper Encoding or Escaping of Output Vulnerability
Critical
CVE-2002-1394
Apache Tomcat Other Vulnerability
High
CVE-2013-2185
Apache Tomcat Improper Input Validation Vulnerability
High
CVE-2016-6797
Apache Tomcat Incorrect Authorization Vulnerability
High
CVE-2016-6796
Apache Tomcat Insufficient Information Vulnerability
High
CVE-2022-23181
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability
High
CVE-2015-8751
Apache Tomcat Integer Overflow or Wraparound Vulnerability
High
CVE-2020-0822
Apache Tomcat Vulnerability
High
CVE-2021-30639
Apache Tomcat Improper Handling of Exceptional Conditions Vulnerability
High
CVE-2001-1563
Apache Tomcat Other Vulnerability
High
CVE-2021-25329
Apache Tomcat Deserialization of Untrusted Data Vulnerability
High
CVE-2005-4836
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
High
CVE-2002-0682
Apache Tomcat Other Vulnerability
High
CVE-2009-3548
Apache Tomcat Credentials Management Errors Vulnerability
High
CVE-2020-13934
Apache Tomcat Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability
High
CVE-2006-7197
Apache Tomcat Other Vulnerability
High
CVE-2002-0493
Apache Tomcat 7PK - Security Features Vulnerability
High
CVE-2002-2272
Apache Tomcat Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability
High
CVE-2020-13935
Apache Tomcat Loop with Unreachable Exit Condition (Infinite Loop) Vulnerability
High
CVE-2021-25122
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
High
CVE-2021-42340
Apache Tomcat Missing Release of Resource after Effective Lifetime Vulnerability
High