JULI logging component in Apache Tomcat does not restrict certain permissions for web applications

Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat

Exposure of Sensitive Information in Apache Tomcat

Apache Tomcat does not follow ServletSecurity annotations

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Apache Tomcat Path Traversal Vulnerability

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

Apache Tomcat improperly escapes input from JsonErrorReportValve

Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat

The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.

Apache Tomcat Allows Replacing of XML Parser

Apache Tomcat Improper Input Validation vulnerability

Apache Tomcat Leaks Pathname Information via Error Message

** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."

Apache Tomcat Request and/or response mix-up

Apache Tomcat Does Not Properly Handle Empty Requests

Apache Tomcat allows remote attackers to read JSP source files

The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.