Apache Tomcat — Vulnerabilities & Security Advisories 103

All 103 CVE vulnerabilities found in Apache Tomcat, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-34500 | Apache Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled | | 8.1 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-34487 | Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token | CWE-532 | 7.5 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-34486 | Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor | CWE-311 | 7.5 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-34483 | Apache Tomcat: Incomplete escaping of JSON access logs | CWE-116 | 9.8 (AI) | Critical (AI) | 2026-04-09 |
| CVE-2026-32990 | Apache Tomcat: Fix for CVE-2025-66614 is incomplete | CWE-20 | 9.1 (AI) | Critical (AI) | 2026-04-09 |
| CVE-2026-29146 | Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default | | 9.1 (AI) | Critical (AI) | 2026-04-09 |
| CVE-2026-29145 | Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled | | 9.8 (AI) | Critical (AI) | 2026-04-09 |
| CVE-2026-29129 | Apache Tomcat: TLS cipher order is not preserved | | 7.5 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-25854 | Apache Tomcat: Occasionally open redirect | CWE-601 | 6.1 (AI) | Medium (AI) | 2026-04-09 |
| CVE-2026-24880 | Apache Tomcat: Request smuggling via invalid chunk extension | CWE-444 | 9.1 (AI) | Critical (AI) | 2026-04-09 |
| CVE-2026-24733 | Apache Tomcat: Security constraint bypass with HTTP/0.9 | CWE-20 | 7.5 (AI) | High (AI) | 2026-02-17 |
| CVE-2025-66614 | Apache Tomcat: Client certificate verification bypass due to virtual host mapping | CWE-20 | 9.8 (AI) | Critical (AI) | 2026-02-17 |
| CVE-2025-61795 | Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS | CWE-404 | 7.5 | - | 2025-10-27 |
| CVE-2025-55752 | Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled | CWE-23 | 9.8 (AI) | Critical (AI) | 2025-10-27 |
| CVE-2025-55754 | Apache Tomcat: console manipulation via escape sequences in log messages | CWE-150 | 8.8 | - | 2025-10-27 |
| CVE-2025-55668 | Apache Tomcat: session fixation via rewrite valve | CWE-384 | 9.8 | - | 2025-08-13 |
| CVE-2025-48989 | Apache Tomcat: h2 DoS - Made You Reset | CWE-404 | 7.5 (AI) | High (AI) | 2025-08-13 |
| CVE-2025-53506 | Apache Tomcat: DoS via excessive h2 streams at connection start | CWE-400 | 7.5 | - | 2025-07-10 |
| CVE-2025-52520 | Apache Tomcat: DoS via integer overflow in multipart file upload | CWE-190 | 7.5 | - | 2025-07-10 |
| CVE-2025-52434 | Apache Tomcat: APR/Native Connector crash leading to DoS | CWE-362 | 8.1 | - | 2025-07-10 |
| CVE-2025-49124 | Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows | CWE-426 | 7.8 (AI) | High (AI) | 2025-06-16 |
| CVE-2025-49125 | Apache Tomcat: Security constraint bypass for pre/post-resources | CWE-288 | 9.1 | - | 2025-06-16 |
| CVE-2025-48988 | Apache Tomcat: FileUpload large number of parts with headers DoS | CWE-770 | 7.5 | - | 2025-06-16 |
| CVE-2025-46701 | Apache Tomcat: Security constraint bypass for CGI scripts | CWE-178 | 9.1 (AI) | Critical (AI) | 2025-05-29 |
| CVE-2025-31651 | Apache Tomcat: Bypass of rules in Rewrite Valve | CWE-116 | 9.1 (AI) | Critical (AI) | 2025-04-28 |
| CVE-2025-31650 | Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame | CWE-459 | 7.5 (AI) | High (AI) | 2025-04-28 |
| CVE-2025-24813 | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | CWE-44 | 8.8 | - | 2025-03-10 |
| CVE-2024-56337 | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete | CWE-367 | 8.1 | - | 2024-12-20 |
| CVE-2024-54677 | Apache Tomcat: DoS in examples web application | CWE-400 | 7.5 | - | 2024-12-17 |
| CVE-2024-50379 | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation | CWE-367 | 8.1 | - | 2024-12-17 |

All 103 known CVE vulnerabilities affecting Apache Tomcat with full Chinese analysis, references, and POCs where available.