Tomcat
by Apache
Take action — actively targeted
Tomcat is actively targeted by attackers. A significant proportion of its known vulnerabilities are being exploited.
What to do
- Apply all available updates immediately
- Review your exposure — is this internet-facing?
- Monitor vendor advisories for this product
What Attackers Target
Vulnerabilities with high exploit probability
38.9%
Confirmed actively exploited (CISA)
5.3%
Public exploit code available
3.5%
Based on 113 known vulnerabilities. Percentages show the proportion that are actively dangerous — a low percentage means most vulnerabilities in this product are not being exploited.
Most Dangerous Vulnerabilities
| CVE | CVSS | Exploit Probability | Confirmed |
|---|---|---|---|
| CVE-2020-1938 | 9.8 | 94.5% | Yes |
| CVE-2023-44487 | 7.5 | 94.4% | Yes |
| CVE-2017-12617 | 8.1 | 94.4% | Yes |
| CVE-2017-12615 | 8.1 | 94.2% | Yes |
| CVE-2025-24813 | 9.8 | 94.2% | Yes |
| CVE-2019-0232 | 8.1 | 94.1% | — |
| CVE-2016-8735 | 9.8 | 93.8% | Yes |
| CVE-2020-9484 | 7.0 | 93.3% | — |
| CVE-2020-13935 | 7.5 | 91.7% | — |
| CVE-2017-12616 | 7.5 | 91.4% | — |
| CVE-2024-50379 | 9.8 | 86.5% | — |
| CVE-2018-11784 | 4.3 | 82.6% | — |
| CVE-2024-21733 | 5.3 | 73.4% | — |
| CVE-2019-10072 | 7.5 | 71.3% | — |
| CVE-2019-0199 | 7.5 | 65.6% | — |
| CVE-2024-24549 | 7.5 | 64.4% | — |
| CVE-2023-45648 | 5.3 | 59.5% | — |
| CVE-2022-29885 | 7.5 | 55.5% | — |
| CVE-2021-24122 | 5.9 | 52.6% | — |
| CVE-2023-46589 | 7.5 | 51.4% | — |
56
/ 100
high-risk
Active Threat
50/50 · Critical
Exploit Availability
6/50 · Minimal
Score uses Wilson score intervals to account for sample size. Products with few CVEs are scored conservatively.