Endpoint Vulnerability

Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability

Description

Apache Tomcat Realm implementations (6.0-9.0.0.M9) allow timing attacks to enumerate valid usernames because non-existent users skip password processing, enabling information disclosure.

Affected Applications

Apache Tomcat

Version Updates

Date	Version	Status	Detail
2026-02-21	2.00700	New	Apache Tomcat
2024-01-16	2.00348	Modified	Apache Tomcat
2021-12-07	2.00079	Modified	Apache Tomcat
2020-02-21	2.00048	New	Apache Tomcat
2019-02-05	1.00034	Modified	Apache Tomcat
2019-01-03	1.00033	Modified	Apache Tomcat