Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Web Server

Apache Tomcat

The Apache Tomcat is an open-source Java Servlet Container developed by the Apache Software Foundation (ASF). Tomcat implements several Java EE specifications including Java Servlet JavaServer Pages (JSP) Java EL and WebSocket and provides a quotpure Javaquot HTTP web server environment in which Java code can run.

Official Site:

http://tomcat.apache.org/

Severity Summary:

Critical: 14 High: 82 Medium: 138 Low: 15
Reference
Title
Severity
CVE-2013-2185
Apache Tomcat Improper Input Validation Vulnerability
High
CVE-2021-25329
Apache Tomcat Deserialization of Untrusted Data Vulnerability
High
CVE-2001-1563
Apache Tomcat Other Vulnerability
High
CVE-2002-0682
Apache Tomcat Other Vulnerability
High
CVE-2002-0493
Apache Tomcat 7PK - Security Features Vulnerability
High
CVE-2002-2272
Apache Tomcat Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability
High
CVE-2002-1394
Apache Tomcat Other Vulnerability
High
CVE-2005-4836
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
High
CVE-2006-7197
Apache Tomcat Other Vulnerability
High
CVE-2020-13934
Apache Tomcat Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability
High
CVE-2021-30639
Apache Tomcat Improper Handling of Exceptional Conditions Vulnerability
High
CVE-2017-12617
Apache Tomcat Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2017-7675
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2025-48989
Apache Tomcat Improper Resource Shutdown or Release Vulnerability
High
CVE-2026-29129
Apache Tomcat Use of a Broken or Risky Cryptographic Algorithm Vulnerability
High
CVE-2026-29146
Apache Tomcat Generation of Error Message Containing Sensitive Information Vulnerability
High
CVE-2026-34483
Apache Tomcat Improper Encoding or Escaping of Output Vulnerability
High
CVE-2026-34486
Apache Tomcat Missing Encryption of Sensitive Data Vulnerability
High
CVE-2026-34487
Apache Tomcat Insertion of Sensitive Information into Log File Vulnerability
High
CVE-2026-24734
Apache Tomcat Vulnerability
High
CVE-2025-55752
Apache Tomcat Relative Path Traversal Vulnerability
High
CVE-2024-24549
Apache Tomcat Vulnerability
High
CVE-2024-34750
Apache Tomcat Uncontrolled Resource Consumption Vulnerability
High
CVE-2025-46701
Apache Tomcat Improper Handling of Case Sensitivity Vulnerability
High
CVE-2025-48988
Apache Tomcat Allocation of Resources Without Limits or Throttling Vulnerability
High
CVE-2025-49124
Apache Tomcat Untrusted Search Path Vulnerability
High
CVE-2019-0199
Apache Tomcat Uncontrolled Resource Consumption Vulnerability
High
CVE-2025-49125
Apache Tomcat Authentication Bypass Using an Alternate Path or Channel Vulnerability
High
CVE-2025-52434
Apache Tomcat Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) Vulnerability
High
CVE-2025-52520
Apache Tomcat Integer Overflow or Wraparound Vulnerability
High