Lucene search
K

15 matches found

Tenable Nessus
Tenable Nessus
added 6 days ago6 views

Apache Tomcat 11.0.0.M1 < 11.0.23 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 11.0.23. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat11.0.23security-11 advisory. - Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the...

9.1CVSS6AI score0.00413EPSS
Exploits0References14
OSV
OSV
added 2026/05/12 4:16 p.m.4 views

DEBIAN-CVE-2026-43512

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported...

9.8CVSS5.7AI score0.01233EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 7:36 p.m.2 views

CVE-2026-34487

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. User...

5.8AI score0.00447EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.6 views

PT-2026-31711

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.20, 10.1.0-M1 through 10.1.53, and 9.0.40 through 9.0.116 Description A flaw exists within the JsonAccessLogValve component of Apache Tomcat related to improper encoding or escaping of output...

9.8CVSS5.8AI score0.15831EPSS
Exploits5References127
OpenVAS
OpenVAS
added 2025/08/19 12:0 a.m.4 views

Apache Tomcat Session Fixation Vulnerability (Aug 2025) - Linux

Apache Tomcat is prone to a session fixation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; if...

6.5CVSS7.2AI score0.00775EPSS
Exploits0References1
OSV
OSV
added 2025/08/18 8:14 a.m.2 views

BIT-TOMCAT-2025-55668 Apache Tomcat: session fixation via rewrite valve

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.0 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.10...

6.5CVSS6.8AI score0.00775EPSS
Exploits0References3
Apache Tomcat
Apache Tomcat
added 2025/08/06 12:0 a.m.15 views

Fixed in Apache Tomcat 11.0.10

Important: DoS in HTTP/2 due to client triggered stream reset CVE-2025-48989 Tomcat's HTTP/2 implementation was vulnerable to the made you reset attack. The denial of service typically manifested as an OutOfMemoryError. This was fixed with commit f362c8eb. This issue was reported to the ASF...

7.5CVSS6.6AI score0.03389EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/06/16 12:0 a.m.4 views

Apache Tomcat 安全漏洞

Apache Tomcat is a lightweight Web application server from the American Apache Apache Foundation. It is used to implement support for Servlets and JavaServer Page JSP. A security vulnerability exists in Apache Tomcat that stems from the installer not specifying the full path when using icacls.exe...

8.4CVSS7.4AI score0.00347EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/11/18 12:0 a.m.10 views

Apache Tomcat 11.0.0-M1 < 11.0.0 / 11.0.0-M23 < 11.0.0 Multiple Vulnerabilities

Binary data 701493.pasl...

9.8CVSS7.3AI score0.06287EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2024/07/04 12:0 a.m.40 views

Apache Tomcat DoS Vulnerability (Jul 2024) - Windows

Apache Tomcat is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; ...

7.5CVSS7.6AI score0.04602EPSS
Exploits0References4
NVD
NVD
added 2024/03/13 4:15 p.m.63 views

CVE-2024-24549

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been...

7.5CVSS7.6AI score0.23072EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2024/03/13 12:0 a.m.32 views

Apache Tomcat Multiple DoS Vulnerabilities (Mar 2024) - Linux

Apache Tomcat is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.4AI score0.23072EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2024/01/11 12:0 a.m.35 views

Oracle Linux 8 : tomcat (ELSA-2024-0125)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0125 advisory. - Open Redirect vulnerability in FORM authentication CVE-2023-41080 - FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42794 ...

6.1CVSS7.4AI score0.05972EPSS
Exploits2References5
OSV
OSV
added 2023/10/10 6:15 p.m.46 views

CVE-2023-42795

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...

5.3CVSS7.5AI score
Exploits0References6
NVD
NVD
added 2023/08/25 9:15 p.m.25 views

CVE-2023-41080

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may als...

6.1CVSS7AI score0.05972EPSS
Exploits0References5
Rows per page
Query Builder