Skip to main content

Tomcat Native

3 CVEs product

Monthly

CVE-2026-24734 Maven HIGH PATCH This Week

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. [CVSS 7.5 HIGH]

Apache Tomcat Tomcat Native Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2018-8020 HIGH This Week

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Tomcat Debian Linux Tomcat Native
NVD
CVSS 3.0
7.4
EPSS
4.2%
CVE-2018-8019 HIGH This Week

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Tomcat Debian Linux Tomcat Native
NVD
CVSS 3.0
7.4
EPSS
4.1%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. [CVSS 7.5 HIGH]

Apache Tomcat Tomcat Native +1
NVD VulDB
EPSS 4% CVSS 7.4
HIGH This Week

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Tomcat +2
NVD
EPSS 4% CVSS 7.4
HIGH This Week

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Tomcat +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy