#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(307004);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/17");

  script_cve_id(
    "CVE-2026-24880",
    "CVE-2026-25854",
    "CVE-2026-29129",
    "CVE-2026-29145",
    "CVE-2026-29146",
    "CVE-2026-32990"
  );

  script_name(english:"Apache Tomcat 9.0.113 < 9.0.116 multiple vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote Apache Tomcat server is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The version of Tomcat installed on the remote host is prior to 9.0.116. It is, therefore, affected by multiple
vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.116_security-9 advisory.

  - CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled
    vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1
    through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from
    1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.
    Users are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and
    9.0.116, which fix the issue. (CVE-2026-29145)

  - Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This
    issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113
    through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the
    issue. (CVE-2026-32990)

  - Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue
    affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through
    9.0.115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are recommended to upgrade to
    version 11.0.19, 10.1.53 or 9.0.116, which fix the issue. (CVE-2026-29146)

  - Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache
    Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users
    are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue. (CVE-2026-29129)

  - Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the
    LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from
    10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other, unsupported
    versions may also be affected. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116,
    which fix the issue. (CVE-2026-25854)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://github.com/apache/tomcat/commit/95f7778248cac46d03e6af04de9c72a598be3a53
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c64ade5c");
  # https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a62b2609");
  # https://github.com/apache/tomcat/commit/d1406df5ae0326f39f54c3f64ac30d8fca55cd5b
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a098858f");
  # https://github.com/apache/tomcat/commit/6db238562ec36ab1106db4d04843f8b33e7a0c06
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1c54e692");
  # https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7672f78b");
  # https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f8b4d1ae");
  # https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c6ad263e");
  # https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?05b4ff56");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apache Tomcat version 9.0.116 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-29145");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2026-29146");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/03/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/03/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/17");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat:9");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("os_fingerprint.nasl", "tomcat_error_version.nasl", "tomcat_win_installed.nbin", "apache_tomcat_nix_installed.nbin");
  script_require_keys("installed_sw/Apache Tomcat");

  exit(0);
}

include('vcf_extras.inc');

# Pull the detected Tomcat version from the local/remote detection plugins listed above.
vcf::tomcat::initialize();
var app_info = vcf::combined_get_app_info(app:'Apache Tomcat');

# Only the 9.0.113 - 9.0.115 window is flagged: it is the intersection of every
# affected 9.0.x range in the advisory text, so every listed CVE applies to a hit.
var constraints = [
  { 'min_version' : '9.0.113', 'max_version' : '9.0.115', 'fixed_version' : '9.0.116' }
];

# Skip hosts whose vendor package is known to carry backported fixes, and refuse to
# judge versions that were not detected down to the third component (e.g. a bare "9.0").
vcf::check_all_backporting(app_info:app_info);
vcf::check_granularity(app_info:app_info, sig_segments:3);

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_HOLE
);
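The plugin above reduces five advisories to a single 9.0.113 through 9.0.115 window, which is the right thing for a 9.x-only check but hides which CVEs apply to a given build. The following is an added example, not Tenable's plugin code and not part of the Tomcat project: it encodes every affected range quoted in the description text (all branches, including the 8.5 and 7.0 ranges that list no fixed release) and reports, for one version string, which CVEs match and what the fixed release on that branch is. Milestone builds such as 9.0.0.M23 and 10.1.0-M7 are ordered before the corresponding final release, which is the only non-obvious part of a Tomcat version comparison. The banner regex assumes the "Apache Tomcat/X.Y.Z" form printed by `catalina.sh version` and the default error page; the sample banner is constructed, not captured from a real host.

```python
import re
from typing import List, Optional, Tuple

VersionKey = Tuple[int, int, int, int, int]

# Accepts 9.0.115, 9.0.0.M23 and 10.1.0-M7 (both milestone spellings used in the advisory text).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")
# Matches "Apache Tomcat/9.0.115" as printed by `catalina.sh version` and the default error page.
_BANNER_RE = re.compile(r"Apache Tomcat/(\d+\.\d+\.\d+(?:[.-]M\d+)?)")


def parse_version(text: str) -> VersionKey:
    """Turn a Tomcat version string into a sortable tuple; milestones sort before the final build."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)      # final release
    return (int(major), int(minor), int(patch), 0, int(milestone))  # milestone, before final


def version_from_banner(banner: str) -> Optional[str]:
    """Extract the version from a banner or error-page fragment, or None if it is not a Tomcat banner."""
    m = _BANNER_RE.search(banner)
    return m.group(1) if m else None


# (CVE, first affected, last affected, fixed release) exactly as given in the advisory text above.
# The 8.5.x and 7.0.x ranges list no fixed release, so fixed is None there.
AFFECTED_RANGES = [
    ("CVE-2026-29145", "11.0.0-M1", "11.0.18", "11.0.20"),
    ("CVE-2026-29145", "10.1.0-M7", "10.1.52", "10.1.53"),
    ("CVE-2026-29145", "9.0.83", "9.0.115", "9.0.116"),
    ("CVE-2026-32990", "11.0.15", "11.0.19", "11.0.20"),
    ("CVE-2026-32990", "10.1.50", "10.1.52", "10.1.53"),
    ("CVE-2026-32990", "9.0.113", "9.0.115", "9.0.116"),
    ("CVE-2026-29146", "11.0.0-M1", "11.0.18", "11.0.19"),
    ("CVE-2026-29146", "10.0.0-M1", "10.1.52", "10.1.53"),
    ("CVE-2026-29146", "9.0.13", "9.0.115", "9.0.116"),
    ("CVE-2026-29146", "8.5.38", "8.5.100", None),
    ("CVE-2026-29146", "7.0.100", "7.0.109", None),
    ("CVE-2026-29129", "11.0.16", "11.0.18", "11.0.20"),
    ("CVE-2026-29129", "10.1.51", "10.1.52", "10.1.53"),
    ("CVE-2026-29129", "9.0.114", "9.0.115", "9.0.116"),
    ("CVE-2026-25854", "11.0.0-M1", "11.0.18", "11.0.20"),
    ("CVE-2026-25854", "10.1.0-M1", "10.1.52", "10.1.53"),
    ("CVE-2026-25854", "9.0.0.M23", "9.0.115", "9.0.116"),
    ("CVE-2026-25854", "8.5.30", "8.5.100", None),
]


def affected_cves(version: str) -> List[Tuple[str, Optional[str]]]:
    """Return (CVE, fixed release) pairs whose inclusive range contains `version`, in advisory order."""
    v = parse_version(version)
    hits = []
    for cve, lo, hi, fixed in AFFECTED_RANGES:
        if parse_version(lo) <= v <= parse_version(hi):
            hits.append((cve, fixed))
    return hits


if __name__ == "__main__":
    # Constructed sample banner (the default Tomcat error page shows the version in an <h3>).
    sample = "<h3>Apache Tomcat/9.0.113</h3>"
    ver = version_from_banner(sample)
    for cve, fixed in affected_cves(ver):
        print(f"{ver}: {cve} (fixed in {fixed or 'no fix listed'})")
```

Like the plugin, this is a version-only check: a distribution package that reports 9.0.113 but carries backported fixes will match here exactly as it would in Nessus, which is why the plugin runs vcf::check_all_backporting before comparing. Note also the 11.0.19 edge case visible in the ranges: that release closes CVE-2026-29146 but is still inside the CVE-2026-32990 window, so a 10.1/11.0 host needs the later fixed release the advisory names for its branch.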