Exposure of Apache Tomcat
Category: Web servers
Exposure score: 342
Sites use: 14,493
Exploited: 5
Critical: 19
CVEs (131 results)

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2022-45143 | — | Apache Tomcat: JsonErrorReportValve escaping | 2.5% |
| CVE-2024-23672 | MEDIUM | Apache Tomcat: WebSocket DoS with incomplete closing handshake | 2.3% |
| CVE-2023-42795 | MEDIUM | Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests | 2.2% |
| CVE-2024-52317 | MEDIUM | Apache Tomcat: Request/response mix-up with HTTP/2 | 2.0% |
| CVE-2025-52520 | HIGH | Apache Tomcat: DoS via integer overflow in multipart file upload | 2.0% |
| CVE-2024-54677 | MEDIUM | Apache Tomcat: DoS in examples web application | 1.9% |
| CVE-2025-53506 | HIGH | Apache Tomcat: DoS via excessive h2 streams at connection start | 1.9% |
| CVE-2023-42794 | — | Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows | 1.9% |
| CVE-2023-28708 | MEDIUM | Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations | 1.8% |
| CVE-2025-52434 | HIGH | Apache Tomcat: APR/Native Connector crash leading to DoS | 1.8% |
| CVE-2021-43980 | LOW | Apache Tomcat: Information disclosure | 1.7% |
| CVE-2024-38286 | HIGH | Apache Tomcat: Denial of Service | 1.7% |
| CVE-2024-52318 | MEDIUM | Apache Tomcat: Incorrect JSP tag recycling leads to XSS | 1.7% |
| CVE-2022-42252 | HIGH | Apache Tomcat request smuggling via malformed content-length | 1.4% |
| CVE-2023-41081 | HIGH | Apache Tomcat Connectors: Unexpected use of first declared worker in mod_jk for unmapped request | 1.3% |
| CVE-2019-12418 | — | When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attac | 1.2% |
| CVE-2025-61795 | MEDIUM | Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS | 1.1% |
| CVE-2023-34981 | HIGH | Apache Tomcat: AJP response header mix-up | 1.1% |
| CVE-2026-41293 | CRITICAL | Apache Tomcat: HTTP/2 request headers not validated | 1.0% |
| CVE-2026-43512 | CRITICAL | Apache Tomcat: Digest authenticator will authenticate any unknown user | 0.9% |