Exposure of Apache Tomcat

Web servers
342 exposure score
14,493 sites use
5 exploited
19 critical

CVEs

131 results
CVE | Severity | Title | EPSS
CVE-2026-43515 | CRITICAL | Apache Tomcat: Security constraints not correctly applied | 0.8%
CVE-2026-41284 | HIGH | Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling | 0.8%
CVE-2025-55668 | MEDIUM | Apache Tomcat: session fixation via rewrite valve | 0.8%
CVE-2026-29145 | CRITICAL | Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled | 0.7%
CVE-2022-23181 | | Local privilege escalation with FileStore | 0.7%
CVE-2026-42498 | HIGH | Apache Tomcat: WebSocket authentication header exposure | 0.5%
CVE-2026-25854 | MEDIUM | Apache Tomcat: Occasionally open redirect | 0.5%
CVE-2026-24733 | MEDIUM | Apache Tomcat: Security constraint bypass with HTTP/0.9 | 0.5%
CVE-2025-40711 | CRITICAL | SQL injection vulnerability in Quiter Gateway | 0.5%
CVE-2026-34500 | MEDIUM | Apache Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled | 0.5%
CVE-2026-43513 | HIGH | Apache Tomcat: LockOutRealm treats user names as case-sensitive | 0.5%
CVE-2026-34483 | HIGH | Apache Tomcat: Incomplete escaping of JSON access logs | 0.5%
CVE-2026-24880 | HIGH | Apache Tomcat: Request smuggling via invalid chunk extension | 0.5%
CVE-2026-34487 | HIGH | Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token | 0.4%
CVE-2025-40712 | CRITICAL | SQL injection vulnerability in Quiter Gateway | 0.4%
CVE-2025-40713 | CRITICAL | SQL injection vulnerability in Quiter Gateway | 0.4%
CVE-2025-40717 | CRITICAL | SQL injection vulnerability in Quiter Gateway | 0.4%
CVE-2025-40714 | CRITICAL | SQL injection vulnerability in Quiter Gateway | 0.4%
CVE-2025-40715 | CRITICAL | SQL injection vulnerability in Quiter Gateway | 0.4%
CVE-2025-40716 | CRITICAL | SQL injection vulnerability in Quiter Gateway | 0.4%
