RockyLinux 10 : tomcat (RLSA-2026:19054)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19054 advisory. tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 Tenable has extracted the preceding description blo...

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.15.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.15.jar Vulnerability Details CVEID:CVE-2026-24734 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM po...

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to Improper Input Validation due to Apache Tomcat ( CVE-2026-24734 )

Summary IBM Integration Bus for z/OS is vulnerable to Improper Input Validation due to Apache Tomcat. Vulnerability Details CVEID:CVE-2026-24734 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FF...

SUSE: Security Advisory (SUSE-SU-2026:20926-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE 16 Security Update : tomcat11 (openSUSE-SU-2026:20414-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20414-1 advisory. Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733:...

openSUSE Security Advisory (SUSE-SU-2026:0932-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-24734 vulnerabilities

Vulnerabilities for packages: ontop-fips, kayenta-fips, nacos-docker, ontop, nacos, kayenta...

SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2026:0932-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0932-1 advisory. Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping...

SUSE-SU-2026:0932-1 Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation bypas...

openSUSE Security Advisory (SUSE-SU-2026:0890-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2026:0877-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2026:0890-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0890-1 advisory. Update to Tomcat 10.1.52: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping...

K000160337: Apache Tomcat vulnerabilities CVE-2026-24733, CVE-2026-24734 and CVE-2025-66614

Security Advisory Description CVE-2026-24733 Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on...

SUSE SLES15 / openSUSE 15 Security Update : tomcat11 (SUSE-SU-2026:0877-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0877-1 advisory. Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping...

SUSE-SU-2026:0877-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation...

CVE-2026-24734

creationtimestamp| type| source ---|---|--- 2026-02-18 07:35:39+00:00| seen| https://bsky.app/profile/shiojiri.com/post/3mf4kxjtp4c2e 2026-02-18 09:40:36+00:00| seen| https://bsky.app/profile/osanpo.bsky.social/post/3mf4rxhluqb2o 2026-02-18 15:05:31+00:00| seen|...

Apache Tomcat 9.0.83 < 9.0.115

The version of Tomcat installed on the remote host is prior to 9.0.115. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.115security-9 advisory. - Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder,...

Apache Tomcat 10.1.0.M7 < 10.1.52

The version of Tomcat installed on the remote host is prior to 10.1.52. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.52security-10 advisory. - Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder...

CVE-2026-24734

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...