Search CVE reports

11 – 20 of 142 results

Detailed view

Sort by:

CVE-2025-52434

Medium priority

Vulnerable

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes...

6 affected packages

tomcat9, tomcat6, tomcat7, tomcat8, tomcat10, tomcat11

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat9	Not affected	Vulnerable	Vulnerable	Vulnerable
tomcat6	Not in release	Not in release	Not in release	Not in release
tomcat7	Not in release	Not in release	Not in release	Ignored
tomcat8	Not in release	Not in release	Not in release	Ignored
tomcat10	Needs evaluation	Not in release	Not in release	Not in release
tomcat11	Not in release	Not in release	Not in release	Not in release

CVE-2025-49125

Medium priority

Vulnerable

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources...

6 affected packages

tomcat10, tomcat11, tomcat9, tomcat6, tomcat7, tomcat8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat10	Vulnerable	Not in release	—	—
tomcat11	Not in release	Not in release	—	—
tomcat9	Not affected	Vulnerable	Vulnerable	Vulnerable
tomcat6	Not in release	Not in release	Not in release	Not in release
tomcat7	Not in release	Not in release	Not in release	Ignored
tomcat8	Not in release	Not in release	Not in release	Ignored

CVE-2025-48988

Medium priority

Vulnerable

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following...

6 affected packages

tomcat10, tomcat11, tomcat9, tomcat6, tomcat7, tomcat8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat10	Vulnerable	Not in release	—	—
tomcat11	Not in release	Not in release	—	—
tomcat9	Not affected	Vulnerable	Vulnerable	Vulnerable
tomcat6	Not in release	Not in release	Not in release	Not in release
tomcat7	Not in release	Not in release	Not in release	Ignored
tomcat8	Not in release	Not in release	Not in release	Ignored

CVE-2025-48976

Medium priority

Vulnerable

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before...

7 affected packages

libcommons-fileupload-java, tomcat10, tomcat11, tomcat9, tomcat6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libcommons-fileupload-java	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tomcat10	Vulnerable	Not in release	—	—
tomcat11	Not in release	Not in release	—	—
tomcat9	Not affected	Vulnerable	Vulnerable	Vulnerable
tomcat6	Not in release	Not in release	Not in release	Not in release
tomcat7	Not in release	Not in release	Not in release	Ignored
tomcat8	Not in release	Not in release	Not in release	Ignored

CVE-2025-46701

Medium priority

Some fixes available 2 of 7

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue...

6 affected packages

tomcat10, tomcat11, tomcat9, tomcat6, tomcat7, tomcat8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat10	Fixed	Not in release	Not in release	—
tomcat11	Not in release	Not in release	Not in release	—
tomcat9	Not affected	Vulnerable	Vulnerable	Vulnerable
tomcat6	Not in release	Not in release	Not in release	Not in release
tomcat7	Not in release	Not in release	Not in release	Ignored
tomcat8	Not in release	Not in release	Not in release	Ignored

CVE-2025-31651

Medium priority

Some fixes available 2 of 10

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9, tomcat11

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	—
tomcat7	Not in release	Not in release	Not in release	Not affected
tomcat8	Not in release	Not in release	Not in release	Vulnerable
tomcat10	Fixed	Not in release	Not in release	—
tomcat9	Not affected	Vulnerable	Vulnerable	Vulnerable
tomcat11	Not in release	Not in release	Not in release	Not in release

CVE-2025-31650

Medium priority

Some fixes available 1 of 2

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such...

5 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	—
tomcat7	Not in release	Not in release	Not in release	Not affected
tomcat8	Not in release	Not in release	Not in release	Not affected
tomcat10	Fixed	Not in release	Not in release	—
tomcat9	Not affected	Not affected	Not affected	Not affected

CVE-2025-24813

High priority

Some fixes available 8 of 10

Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9, tomcat11

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	—
tomcat7	Not in release	Not in release	Not in release	Not affected
tomcat8	Not in release	Not in release	Not in release	Not affected
tomcat10	Fixed	Not in release	Not in release	—
tomcat9	Fixed	Fixed	Fixed	Fixed
tomcat11	Not in release	Not in release	Not in release	Not in release

CVE-2024-56337

Medium priority

Vulnerable

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9, tomcat11

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	—
tomcat7	Not in release	Not in release	Not in release	Needs evaluation
tomcat8	Not in release	Not in release	Not in release	Vulnerable
tomcat10	Ignored	Not in release	Not in release	—
tomcat9	Not affected	Vulnerable	Vulnerable	Vulnerable
tomcat11	Not in release	Not in release	Not in release	Not in release

CVE-2024-54677

Low priority

Some fixes available 1 of 14

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat9, tomcat11

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	—
tomcat7	Not in release	Not in release	Not in release	Needs evaluation
tomcat8	Not in release	Not in release	Not in release	Vulnerable
tomcat10	Fixed	Not in release	Not in release	—
tomcat9	Not affected	Vulnerable	Vulnerable	Vulnerable
tomcat11	Not in release	Not in release	Not in release	Not in release

Export to JSON

Results by page: