Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Web Server

Apache Tomcat

The Apache Tomcat is an open-source Java Servlet Container developed by the Apache Software Foundation (ASF). Tomcat implements several Java EE specifications including Java Servlet JavaServer Pages (JSP) Java EL and WebSocket and provides a quotpure Javaquot HTTP web server environment in which Java code can run.

Official Site:

http://tomcat.apache.org/

Severity Summary:

Critical: 10 High: 64 Medium: 129 Low: 14
Reference
Title
Severity
CVE-2019-0199
Apache Tomcat Uncontrolled Resource Consumption Vulnerability
High
CVE-2022-42252
Apache Tomcat Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability
High
CVE-2023-44487
Apache Tomcat Vulnerability
High
CVE-2023-46589
Apache Tomcat Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability
High
CVE-2024-38286
Apache Tomcat Allocation of Resources Without Limits or Throttling Vulnerability
High
CVE-2023-28709
Apache Tomcat Off-by-one Error Vulnerability
High
CVE-2017-12617
Apache Tomcat Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2017-12615
Apache Tomcat Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2017-7675
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2020-17527
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
High
CVE-2016-6817
Apache Tomcat Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability
High
CVE-2016-0714
Apache Tomcat Permissions Privileges and Access Controls Vulnerability
High
CVE-2022-45143
Apache Tomcat Improper Encoding or Escaping of Output Vulnerability
High
CVE-2023-34981
Apache Tomcat Vulnerability
High
CVE-2022-25762
Apache Tomcat Improper Resource Shutdown or Release Vulnerability
High
CVE-2014-0050
Apache Tomcat Permissions Privileges and Access Controls Vulnerability
High
CVE-2021-41079
Apache Tomcat Loop with Unreachable Exit Condition (Infinite Loop) Vulnerability
High
CVE-2022-29885
Apache Tomcat Vulnerability
High
CVE-2011-3190
Apache Tomcat Permissions Privileges and Access Controls Vulnerability
High
CVE-2025-31650
Apache Tomcat Incomplete Cleanup Vulnerability
High
CVE-2017-12616
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
High
CVE-2017-5650
Apache Tomcat Improper Resource Shutdown or Release Vulnerability
High
CVE-2019-0232
Apache Tomcat Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
High
CVE-2020-8022
Apache Tomcat Incorrect Default Permissions Vulnerability
High
CVE-2017-5647
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
High
CVE-2017-5664
Apache Tomcat Improper Handling of Exceptional Conditions Vulnerability
High
CVE-2016-6816
Apache Tomcat Improper Input Validation Vulnerability
High
CVE-2015-5346
Apache Tomcat Other Vulnerability
High
CVE-2018-8034
Apache Tomcat Improper Certificate Validation Vulnerability
High
CVE-2019-10072
Apache Tomcat Improper Locking Vulnerability
High