Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Web Server

Apache Tomcat

The Apache Tomcat is an open-source Java Servlet Container developed by the Apache Software Foundation (ASF). Tomcat implements several Java EE specifications including Java Servlet JavaServer Pages (JSP) Java EL and WebSocket and provides a quotpure Javaquot HTTP web server environment in which Java code can run.

Official Site:

http://tomcat.apache.org/

Severity Summary:

Critical: 17 High: 85 Medium: 138 Low: 16
Reference
Title
Severity
CVE-2017-15706
Apache Tomcat Improperly Implemented Security Check for Standard Vulnerability
Medium
CVE-2020-13943
Apache Tomcat Vulnerability
Medium
CVE-2025-55668
Apache Tomcat Session Fixation Vulnerability
Medium
CVE-2024-21733
Apache Tomcat Generation of Error Message Containing Sensitive Information Vulnerability
Medium
CVE-2012-5886
Apache Tomcat Improper Authentication Vulnerability
Medium
CVE-2014-9634
Apache Tomcat 7PK - Security Features Vulnerability
Medium
CVE-2023-45648
Apache Tomcat Other Vulnerability
Medium
CVE-2023-28708
Apache Tomcat Unprotected Transport of Credentials Vulnerability
Medium
CVE-2023-42794
Apache Tomcat Incomplete Cleanup Vulnerability
Medium
CVE-2023-42795
Apache Tomcat Incomplete Cleanup Vulnerability
Medium
CVE-2015-5345
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2021-33037
Apache Tomcat Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability
Medium
CVE-2021-30640
Apache Tomcat Improper Encoding or Escaping of Output Vulnerability
Medium
CVE-2012-5885
Apache Tomcat Permissions Privileges and Access Controls Vulnerability
Medium
CVE-2008-0002
Apache Tomcat Other Vulnerability
Medium
CVE-2008-3271
Apache Tomcat Permissions Privileges and Access Controls Vulnerability
Medium
CVE-2008-2938
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2008-1232
Apache Tomcat Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2008-2370
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2008-1947
Apache Tomcat Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2007-5333
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2007-6286
Apache Tomcat Other Vulnerability
Medium
CVE-2008-0128
Apache Tomcat Configuration Vulnerability
Medium
CVE-2009-0033
Apache Tomcat Improper Input Validation Vulnerability
Medium
CVE-2007-5342
Apache Tomcat Permissions Privileges and Access Controls Vulnerability
Medium
CVE-2007-4724
Apache Tomcat Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2007-3382
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2007-3385
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2007-3386
Apache Tomcat Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2007-3384
Apache Tomcat Other Vulnerability
Medium