| Bug | Description |
|---|
| TEMP-0840685-CEF76B | TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory |
| CVE-2017-7675 | The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8 ... |
| CVE-2017-5664 | The error page mechanism of the Java Servlet Specification requires th ... |
| CVE-2017-5648 | While investigating bug 60718, it was noticed that some calls to appli ... |
| CVE-2017-5647 | A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0 ... |
| CVE-2016-9775 | The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 o ... |
| CVE-2016-9774 | The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 ... |
| CVE-2016-8745 | A bug in the error handling of the send file code for the NIO HTTP con ... |
| CVE-2016-8735 | Remote code execution is possible with Apache Tomcat before 6.0.48, 7. ... |
| CVE-2016-6817 | The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8. ... |
| CVE-2016-6816 | The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0 ... |
| CVE-2016-6797 | The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9. ... |
| CVE-2016-6796 | A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0 ... |
| CVE-2016-6794 | When a SecurityManager is configured, a web application's ability to r ... |
| CVE-2016-6325 | The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBo ... |
| CVE-2016-5425 | The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentO ... |
| CVE-2016-5388 | Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI S ... |
| CVE-2016-5018 | In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8. ... |
| CVE-2016-1240 | The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 a ... |
| CVE-2016-0763 | The setGlobalContext method in org/apache/naming/factory/ResourceLinkF ... |
| CVE-2016-0762 | The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0. ... |
| CVE-2016-0714 | The session-persistence implementation in Apache Tomcat 6.x before 6.0 ... |
| CVE-2016-0706 | Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, ... |
| CVE-2015-5351 | The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x ... |
| CVE-2015-5346 | Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x ... |
| CVE-2015-5345 | The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7. ... |
| CVE-2015-5174 | Directory traversal vulnerability in RequestUtil.java in Apache Tomcat ... |
| CVE-2014-7810 | The Expression Language (EL) implementation in Apache Tomcat 6.x befor ... |
| CVE-2014-0230 | Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0 ... |
| CVE-2014-0227 | java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apach ... |
| CVE-2014-0119 | Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 d ... |
| CVE-2014-0099 | Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apac ... |
| CVE-2014-0096 | java/org/apache/catalina/servlets/DefaultServlet.java in the default s ... |
| CVE-2014-0075 | Integer overflow in the parseChunkHeader function in java/org/apache/c ... |
| CVE-2014-0050 | MultipartStream.java in Apache Commons FileUpload before 1.3.1, as use ... |
| CVE-2014-0033 | org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0. ... |
| CVE-2013-4590 | Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-R ... |
| CVE-2013-4322 | Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-R ... |
| CVE-2013-4286 | Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-R ... |
| CVE-2013-2067 | java/org/apache/catalina/authenticator/FormAuthenticator.java in the f ... |
| CVE-2013-2051 | The Tomcat 6 DIGEST authentication functionality as used in Red Hat En ... |
| CVE-2013-1976 | The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in ... |
| CVE-2013-0346 | Apache Tomcat 7.x uses world-readable permissions for the log director ... |
| CVE-2012-5887 | The HTTP Digest Access Authentication implementation in Apache Tomcat ... |
| CVE-2012-5886 | The HTTP Digest Access Authentication implementation in Apache Tomcat ... |
| CVE-2012-5885 | The replay-countermeasure functionality in the HTTP Digest Access Auth ... |
| CVE-2012-5568 | Apache Tomcat through 7.0.x allows remote attackers to cause a denial ... |
| CVE-2012-4534 | org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x befor ... |
| CVE-2012-4431 | org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat ... |
| CVE-2012-3546 | org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6 ... |
| CVE-2012-3544 | Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properl ... |
| CVE-2012-2733 | java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP ... |
| CVE-2012-0022 | Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7 ... |
| CVE-2011-5064 | DigestAuthenticator.java in the HTTP Digest Access Authentication impl ... |
| CVE-2011-5063 | The HTTP Digest Access Authentication implementation in Apache Tomcat ... |
| CVE-2011-5062 | The HTTP Digest Access Authentication implementation in Apache Tomcat ... |
| CVE-2011-4858 | Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 ... |
| CVE-2011-3375 | Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not pro ... |
| CVE-2011-3190 | Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 ... |
| CVE-2011-2526 | Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7 ... |
| CVE-2011-2204 | Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7 ... |
| CVE-2011-1582 | Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servl ... |
| CVE-2011-1475 | The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not p ... |
| CVE-2011-1419 | Apache Tomcat 7.x before 7.0.11, when web.xml has no security constrai ... |
| CVE-2011-1184 | The HTTP Digest Access Authentication implementation in Apache Tomcat ... |
| CVE-2011-1183 | Apache Tomcat 7.0.11, when web.xml has no login configuration, does no ... |
| CVE-2011-1088 | Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annota ... |
| CVE-2011-0534 | Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not en ... |
| CVE-2011-0013 | Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manage ... |
| CVE-2010-4312 | The default configuration of Apache Tomcat 6.x does not include the HT ... |
| CVE-2010-4172 | Multiple cross-site scripting (XSS) vulnerabilities in the Manager app ... |
| CVE-2010-3718 | Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running with ... |
| CVE-2010-2227 | Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 be ... |
| CVE-2010-1157 | Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allo ... |
| CVE-2009-3548 | The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 th ... |
| CVE-2009-2902 | Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.2 ... |
| CVE-2009-2901 | The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6 ... |
| CVE-2009-2693 | Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.2 ... |
| CVE-2009-0783 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 th ... |
| CVE-2009-0781 | Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ca ... |
| CVE-2009-0580 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 th ... |
| CVE-2009-0033 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 th ... |
| CVE-2008-5515 | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 throug ... |
| CVE-2008-3271 | Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers t ... |