Search CVE reports


Toggle filters

1 – 10 of 67 results


CVE-2025-53506

Medium priority
Needs evaluation

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from...

3 affected packages

tomcat10, tomcat11, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Needs evaluation Not in release
tomcat11 Not in release Not in release
tomcat9 Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-52520

Medium priority
Needs evaluation

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8,...

3 affected packages

tomcat10, tomcat11, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Needs evaluation Not in release
tomcat11 Not in release Not in release
tomcat9 Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-52434

Medium priority
Needs evaluation

Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes...

1 affected package

tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat9 Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-49125

Medium priority
Needs evaluation

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.  When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources...

3 affected packages

tomcat10, tomcat11, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Needs evaluation Not in release
tomcat11 Not in release Not in release
tomcat9 Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-49124

Medium priority
Needs evaluation

Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1...

3 affected packages

tomcat10, tomcat11, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Needs evaluation Not in release
tomcat11 Not in release Not in release
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-48988

Medium priority
Needs evaluation

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are...

3 affected packages

tomcat10, tomcat11, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Needs evaluation Not in release
tomcat11 Not in release Not in release
tomcat9 Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-48976

Medium priority
Needs evaluation

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before...

4 affected packages

libcommons-fileupload-java, tomcat10, tomcat11, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libcommons-fileupload-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tomcat10 Needs evaluation Not in release
tomcat11 Not in release Not in release
tomcat9 Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-46701

Medium priority
Vulnerable

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat’s GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue...

3 affected packages

tomcat10, tomcat11, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Vulnerable Not in release Not in release
tomcat11 Not in release Not in release Not in release
tomcat9 Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-31651

Medium priority
Vulnerable

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Vulnerable Not in release Not in release
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-31650

Medium priority
Vulnerable

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Vulnerable Not in release Not in release
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not affected
tomcat9 Not affected Not affected Not affected Not affected
Show less packages