system_id: apache-tomcat
display_name: Apache Tomcat
category: servers
tier: history-full
artifact_mode_preference:
- official-image
- official-source
- synthetic
default_repro_family: authz-bypass-generic
browser_required_default: false
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
services:
  app:
    image: tomcat:10.1
    ports:
    - 18088:8080
source_reference:
- name: Apache Tomcat Security
  kind: html-links
  url: https://tomcat.apache.org/security-10.html
  confidence: official
  advisory_mode: server
  keywords:
  - tomcat
  - cve
  max_items: 80
- name: CISA KEV Tomcat
  kind: kev-json
  url: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
  confidence: official
  advisory_mode: server
  keywords:
  - tomcat