The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

Directory Traversal in Apache Tomcat

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat

Apache Tomcat OS Command Injection vulnerability

Apache Tomcat Source Code Disclosure

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

Denial of Service in Apache Tomcat

Apache Tomcat Default Installation Reveals Sensitive Information

Apache Tomcat Vulnerable to Denial of Service (DoS) via Simultaneous Requests

The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

Apache Tomcat XSS Vulnerability

Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

Apache Tomcat Denial of Service vulnerability in the Catalina package

Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests

Apache Tomcat information disclosure vulnerability

** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."

Cross-Site Request Forgery in Apache Tomcat

Insufficient Verification of Data Authenticity in Apache Tomcat

The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.