Known Vulnerabilities for Tomcat by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Tomcat" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-28228 | OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versi... | Not Provided | 2026-03-30 | 2026-03-31 |
| CVE-2022-23181 | The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8... | 7 - HIGH | 2022-01-27 | 2022-11-07 |
| CVE-2021-43980 | The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards e... | 3.7 - LOW | 2022-09-28 | 2022-11-10 |
| CVE-2021-42340 | The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8... | 7.5 - HIGH | 2021-10-14 | 2023-11-07 |
| CVE-2021-41079 | Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. Whe... | 7.5 - HIGH | 2021-09-16 | 2023-11-07 |
| CVE-2021-33037 | Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding ... | 5.3 - MEDIUM | 2021-07-12 | 2023-11-07 |
| CVE-2021-30640 | A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name a... | 6.5 - MEDIUM | 2021-07-12 | 2022-10-27 |
| CVE-2021-30639 | A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a... | 7.5 - HIGH | 2021-07-12 | 2023-11-07 |
| CVE-2021-25329 | The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 o... | 7 - HIGH | 2021-03-01 | 2023-11-07 |
| CVE-2021-25122 | When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8... | 7.5 - HIGH | 2021-03-01 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Tomcat | 9.0.9 | All | All | All |
| Application | Apache | Tomcat | 9.0.8 | All | All | All |
| Application | Apache | Tomcat | 9.0.7 | All | All | All |
| Application | Apache | Tomcat | 9.0.6 | All | All | All |
| Application | Apache | Tomcat | 9.0.5 | All | All | All |
| Application | Apache | Tomcat | 9.0.43 | All | All | All |
| Application | Apache | Tomcat | 9.0.41 | All | All | All |
| Application | Apache | Tomcat | 9.0.40 | All | All | All |
| Application | Apache | Tomcat | 9.0.4 | All | All | All |
| Application | Apache | Tomcat | 9.0.39 | All | All | All |
| Application | Apache | Tomcat | 9.0.38 | All | All | All |
| Application | Apache | Tomcat | 9.0.37 | All | All | All |
| Application | Apache | Tomcat | 9.0.36 | All | All | All |
| Application | Apache | Tomcat | 9.0.35-3.57.3 | All | All | All |
| Application | Apache | Tomcat | 9.0.35-3.39.1 | All | All | All |
| Application | Apache | Tomcat | 9.0.35 | All | All | All |
| Application | Apache | Tomcat | 9.0.34 | All | All | All |
| Application | Apache | Tomcat | 9.0.33 | All | All | All |
| Application | Apache | Tomcat | 9.0.32 | All | All | All |
| Application | Apache | Tomcat | 9.0.31 | All | All | All |