Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Web Server

Apache Tomcat

The Apache Tomcat is an open-source Java Servlet Container developed by the Apache Software Foundation (ASF). Tomcat implements several Java EE specifications including Java Servlet JavaServer Pages (JSP) Java EL and WebSocket and provides a quotpure Javaquot HTTP web server environment in which Java code can run.

Official Site:

http://tomcat.apache.org/

Severity Summary:

Critical: 14 High: 82 Medium: 138 Low: 15
Reference
Title
Severity
CVE-2018-1336
Apache Tomcat Loop with Unreachable Exit Condition (Infinite Loop) Vulnerability
High
CVE-2019-12418
Apache Tomcat Insufficiently Protected Credentials Vulnerability
High
CVE-2020-9484
Apache Tomcat Deserialization of Untrusted Data Vulnerability
High
CVE-2019-17563
Apache Tomcat Session Fixation Vulnerability
High
CVE-2020-11996
Apache Tomcat Uncontrolled Resource Consumption Vulnerability
High
CVE-2016-8745
Apache Tomcat 7PK - Errors Vulnerability
High
CVE-2011-5062
Apache Tomcat Permissions Privileges and Access Controls Vulnerability
Medium
CVE-2016-6794
Apache Tomcat Vulnerability
Medium
CVE-2014-7810
Apache Tomcat Improper Access Control Vulnerability
Medium
CVE-2023-41080
Apache Tomcat URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
CVE-2014-0227
Apache Tomcat Data Processing Errors Vulnerability
Medium
CVE-2013-4444
Apache Tomcat Improper Control of Generation of Code (Code Injection) Vulnerability
Medium
CVE-2014-0119
Apache Tomcat Permissions Privileges and Access Controls Vulnerability
Medium
CVE-2011-0013
Apache Tomcat Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2000-0672
Apache Tomcat Other Vulnerability
Medium
CVE-2006-7196
Apache Tomcat Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2012-3544
Apache Tomcat Improper Input Validation Vulnerability
Medium
CVE-2000-0760
Apache Tomcat Other Vulnerability
Medium
CVE-2013-4322
Apache Tomcat Improper Input Validation Vulnerability
Medium
CVE-2013-4286
Apache Tomcat Improper Input Validation Vulnerability
Medium
CVE-2021-24122
Apache Tomcat Use of Incorrectly-Resolved Name or Reference Vulnerability
Medium
CVE-2014-0096
Apache Tomcat Permissions Privileges and Access Controls Vulnerability
Medium
CVE-2014-0095
Apache Tomcat Improper Input Validation Vulnerability
Medium
CVE-2019-2684
Apache Tomcat Vulnerability
Medium
CVE-2021-33037
Apache Tomcat Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability
Medium
CVE-2021-30640
Apache Tomcat Improper Encoding or Escaping of Output Vulnerability
Medium
CVE-2022-34305
Apache Tomcat Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2014-0075
Apache Tomcat Numeric Errors Vulnerability
Medium
CVE-2017-7674
Apache Tomcat Insufficient Verification of Data Authenticity Vulnerability
Medium
CVE-2013-2067
Apache Tomcat Improper Authentication Vulnerability
Medium