Apache Tomcat — Vulnerabilities & Security Advisories 103

All 103 CVE vulnerabilities found in Apache Tomcat, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-52318 | Apache Tomcat: Incorrect JSP tag recycling leads to XSS | 8.2 | - | 2024-11-18 |
| CVE-2024-52317 | Apache Tomcat: Request/response mix-up with HTTP/2 | 5.3 (AI) | Medium (AI) | 2024-11-18 |
| CVE-2024-52316 | Apache Tomcat: Authentication bypass when using Jakarta Authentication API CWE-391 | 9.1 | - | 2024-11-18 |
| CVE-2024-38286 | Apache Tomcat: Denial of Service CWE-770 | 8.6 | High | 2024-11-07 |
| CVE-2024-34750 | Apache Tomcat: HTTP/2 excess header handling DoS CWE-755 | 5.3 (AI) | Medium (AI) | 2024-07-03 |
| CVE-2024-23672 | Apache Tomcat: WebSocket DoS with incomplete closing handshake CWE-459 | 7.5 (AI) | High (AI) | 2024-03-13 |
| CVE-2024-24549 | Apache Tomcat: HTTP/2 header handling DoS CWE-20 | 7.5 (AI) | High (AI) | 2024-03-13 |
| CVE-2024-21733 | Apache Tomcat: Leaking of unrelated request bodies in default error page CWE-209 | 7.5 | - | 2024-01-19 |
| CVE-2023-46589 | Apache Tomcat: HTTP request smuggling via malformed trailer headers CWE-444 | 7.5 | - | 2023-11-28 |
| CVE-2023-45648 | Apache Tomcat: Trailer header parsing too lenient CWE-20 | 7.5 | - | 2023-10-10 |
| CVE-2023-42795 | Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests CWE-459 | 5.3 | - | 2023-10-10 |
| CVE-2023-42794 | Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows CWE-459 | 7.5 | - | 2023-10-10 |
| CVE-2023-41080 | Apache Tomcat: Open redirect with FORM authentication CWE-601 | 6.1 | - | 2023-08-25 |
| CVE-2023-34981 | Apache Tomcat: AJP response header mix-up | 7.5 | - | 2023-06-21 |
| CVE-2023-28709 | Apache Tomcat: Fix for CVE-2023-24998 is incomplete CWE-193 | 7.5 | - | 2023-05-22 |
| CVE-2023-28708 | Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations CWE-523 | 6.5 | - | 2023-03-22 |
| CVE-2022-45143 | Apache Tomcat: JsonErrorReportValve escaping CWE-116 | 7.5 | - | 2023-01-03 |
| CVE-2022-42252 | Apache Tomcat request smuggling via malformed content-length CWE-444 | 8.2 | - | 2022-11-01 |
| CVE-2021-43980 | Apache Tomcat: Information disclosure CWE-362 | 3.7 | - | 2022-09-28 |
| CVE-2022-34305 | XSS in examples web application CWE-79 | 6.1 | - | 2022-06-23 |
| CVE-2022-25762 | Response mix-up with WebSocket concurrent send and close CWE-404 | 9.4 | - | 2022-05-13 |
| CVE-2022-29885 | EncryptInterceptor does not provide complete protection on insecure networks CWE-400 | 7.5 | - | 2022-05-12 |
| CVE-2022-23181 | Local privilege escalation with FileStore CWE-367 | 7.0 | - | 2022-01-27 |
| CVE-2021-42340 | DoS via memory leak with WebSocket connections CWE-772 | 7.5 | - | 2021-10-14 |
| CVE-2021-41079 | Apache Tomcat DoS with unexpected TLS packet CWE-20 | 7.5 | - | 2021-09-16 |
| CVE-2021-33037 | Incorrect Transfer-Encoding handling with HTTP/1.0 CWE-444 | 5.3 | - | 2021-07-12 |
| CVE-2021-30640 | Auth weakness in JNDIRealm | 6.5 | - | 2021-07-12 |
| CVE-2021-30639 | DoS after non-blocking IO error | 6.5 | - | 2021-07-12 |
| CVE-2021-25122 | Apache Tomcat h2c request mix-up CWE-200 | 7.5 | - | 2021-03-01 |
| CVE-2021-25329 | Incomplete fix for CVE-2020-9484 | 7.4 | - | 2021-03-01 |

All 103 known CVE vulnerabilities affecting Apache Tomcat with full Chinese analysis, references, and POCs where available.