Medium: tomcat

🗓️ 30 Apr 2026 00:00:00Reported by AmazonType

Tomcat vulnerabilities include HTTP request smuggling, open redirect, cipher order, client certificate soft fail, and padding oracle.

Reporter	Title	Published	Views	Family All 419
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM DataStax Enterprise	27 May 202617:14	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for April 2026	30 Apr 202611:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar	13 May 202616:45	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat might affect IBM Storage Defender Copy Data Management	4 May 202616:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat	14 May 202614:09	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat and Lodash might affect IBM Storage Defender Copy Data Management	4 May 202616:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in pygments-2.19.2-py3-none-any.whl	17 Jun 202615:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar	17 Jun 202615:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple issues in tomcat-embed-core [CVE-2026-24880, CVE-2026-25854, CVE-2026-29129, CVE-2026-29145, CVE-2026-29146, CVE-2026-32990, CVE-2026-34483, CVE-2026-34487, CVE-2026-3450]	18 Jun 202619:57	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DevOps Deploy / UrbanCode Deploy (UCD) is affected by a HTTP Request/Response Smuggling vulnerablity in Apache Tomcat (CVE-2026-24880)	19 Jun 202614:43	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	any	tomcat	9.0.117-1.amzn2.0.1	tomcat-9.0.117-1.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	tomcat-admin-webapps	9.0.117-1.amzn2.0.1	tomcat-admin-webapps-9.0.117-1.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	tomcat-docs-webapp	9.0.117-1.amzn2.0.1	tomcat-docs-webapp-9.0.117-1.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	tomcat-el-3.0-api	9.0.117-1.amzn2.0.1	tomcat-el-3.0-api-9.0.117-1.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	tomcat-jsp-2.3-api	9.0.117-1.amzn2.0.1	tomcat-jsp-2.3-api-9.0.117-1.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	tomcat-jsvc	9.0.117-1.amzn2.0.1	tomcat-jsvc-9.0.117-1.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	tomcat-lib	9.0.117-1.amzn2.0.1	tomcat-lib-9.0.117-1.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	tomcat-servlet-4.0-api	9.0.117-1.amzn2.0.1	tomcat-servlet-4.0-api-9.0.117-1.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	tomcat-webapps	9.0.117-1.amzn2.0.1	tomcat-webapps-9.0.117-1.amzn2.0.1.noarch.rpm

30 Apr 2026 00:00Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.19.1

EPSS0.03645

SSVC