
32 matches found

Positive Technologies
added 2026/05/08 12:0 a.m. | 6 views

PT-2026-38794

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise...

CVSS 5.3 | AI score 5.9 | EPSS 0.00098
Exploits: 0 | References: 9

Tenable Nessus
added 2026/04/16 12:0 a.m. | 1 view

Apache Tomcat 11.0.15 < 11.0.20 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 11.0.20. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_11.0.20_security-11 advisory. - Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the...

CVSS 9.1 | AI score 6.9 | EPSS 0.12919
Exploits: 2 | References: 14

OSV
added 2026/04/13 10:19 a.m. | 3 views

BIT-TOMCAT-2026-25854 Apache Tomcat: Occasionally open redirect

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0 through 11.0.18, from 10.1.0 through 10.1.52, from 9.0.0 through 9.0.115, from 8.5.30 through 8.5.100. Other, unsupported...

CVSS 6.1 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 3

OSV
added 2026/04/13 5:53 a.m. | 2 views

BIT-TOMCAT-2026-32990 Apache Tomcat: Fix for CVE-2025-66614 is incomplete

Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116,...

CVSS 5.3 | AI score 5.8 | EPSS 0.00208
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/13 12:0 a.m. | 2 views

PT-2026-32438

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0 through 11.0.18, from 10.1.0 through 10.1.52, from 9.0.0 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0...

CVSS 7.5 | AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-25854

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat:...

CVSS 6.1 | AI score 6.3 | EPSS 0.00033
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-32990

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through...

CVSS 9.1 | AI score 6.8 | EPSS 0.00208
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/10 12:0 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2026-24880

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects...

CVSS 7.5 | AI score 7.1 | EPSS 0.00176
Exploits: 0 | References: 4

EUVD
added 2026/04/09 9:31 p.m. | 3 views

EUVD-2026-21056

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

AI score 5.8 | EPSS 0.12919
Exploits: 5 | References: 2

OSV
added 2026/04/09 9:31 p.m. | 3 views

GHSA-69R9-QGR7-G2WJ Apache Tomcat Missing Encryption of Sensitive Data vulnerability

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

CVSS 7.5 | AI score 5.8 | EPSS 0.02218
Exploits: 5 | References: 10

OSV
added 2026/04/09 9:31 p.m. | 1 view

GHSA-563X-Q5RQ-57QP Apache Tomcat has an HTTP Request/Response Smuggling vulnerability

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100,...

CVSS 7.5 | AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 14

Snyk
added 2026/04/09 9:31 p.m. | 2 views

Improper Certificate Validation

Overview org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Certificate Validation in getSSLHostConfig, which does not sufficiently account for all protocol host name inputs. An attacker can access sensitive...

CVSS 9.1 | AI score 5.8 | EPSS 0.00208
Exploits: 0 | References: 2

Github Security Blog
added 2026/04/09 9:31 p.m. | 2 views

Apache Tomcat has an Open Redirect vulnerability

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...

CVSS 6.1 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 4 | Affected Software: 3

NVD
added 2026/04/09 8:16 p.m. | 3 views

CVE-2026-29129

Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue...

CVSS 7.5 | EPSS 0.00033
Exploits: 0 | References: 2

OSV
added 2026/04/09 8:16 p.m. | 0 views

UBUNTU-CVE-2026-24880

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100,...

CVSS 7.5 | AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 4

OSV
added 2026/04/09 8:16 p.m. | 4 views

UBUNTU-CVE-2026-34486

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

CVSS 7.5 | AI score 5.8 | EPSS 0.02218
Exploits: 5 | References: 3

CVE
added 2026/04/09 7:35 p.m. | 16 views

CVE-2026-34486

CVE-2026-34486 is a Tomcat Tribes EncryptInterceptor regression: when decryption fails, the code path previously moved super.messageReceived(msg) outside the try block, causing raw serialized bytes to bypass encryption and reach deserialization, enabling unauthenticated RCE via Java deserializati...

CVSS 7.5 | AI score 5.8 | EPSS 0.02218
Exploits: 5 | References: 3 | Affected Software: 1

Cvelist
added 2026/04/09 7:35 p.m. | 17 views

CVE-2026-34486 Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

EPSS 0.02218
Exploits: 5 | References: 1

Cvelist
added 2026/04/09 7:23 p.m. | 19 views

CVE-2026-32990 Apache Tomcat: Fix for CVE-2025-66614 is incomplete

Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116,...

EPSS 0.00208
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/09 7:23 p.m. | 0 views

CVE-2026-32990 Apache Tomcat: Fix for CVE-2025-66614 is incomplete

Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116,...

AI score 6.7 | EPSS 0.00208
Exploits: 0 | References: 1