Lucene search
K

19 matches found

OSV
OSV
added 2026/06/24 1:58 p.m.8 views

ROOT-APP-MAVEN-CVE-2025-66614 CVE-2025-66614 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root

Root has patched CVE-2025-66614 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...

9.1CVSS5.8AI score0.00235EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux - уязвимость в tomcat9

There is a vulnerability in input validation in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: versions 11.0.15 through 11.0.19, 10.1.50 through 10.1.52, and 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53, or...

5.3CVSS5.8AI score0.00307EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.8 views

RHEL 10 / 8 / 9 : Red Hat JBoss Web Server 6.2.2 (RHSA-2026:12194)

The remote Redhat Enterprise Linux 10 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:12194 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised ...

9.1CVSS6AI score0.00494EPSS
Exploits0References10
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/23 12:0 a.m.11 views

Security update for tomcat10 (important)

openSUSE security update: security update for tomcat10 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20612-1 Rating: important References: bsc1258371 bsc1261850 bsc1261851 bsc1261852 bsc1261853 bsc1261854 bsc1261855 bsc1261856 bsc1261857...

8.7CVSS7.4AI score0.21691EPSS
Exploits6References9
Github Security Blog
Github Security Blog
added 2026/04/09 9:31 p.m.9 views

Apache Tomcat has an Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116,...

5.3CVSS7.2AI score0.00307EPSS
Exploits0References10Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/31 3:28 p.m.7 views

Security Bulletin: Vulnerabilities in Apache Tomcat Server (CVE-2025-61795, CVE-2025-66614, CVE-2026-24733, CVE-2026-24734) affect Power HMC.

Summary The Apache Tomcat Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-61795 DESCRIPTION: Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceeding limits...

9.1CVSS5.8AI score0.01139EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.7 views

Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2026-1497)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1497 advisory. mproper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions...

9.1CVSS7AI score0.00498EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/03/29 12:0 a.m.3 views

openSUSE 16 Security Update : tomcat11 (openSUSE-SU-2026:20414-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20414-1 advisory. Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733:...

9.1CVSS7AI score0.00498EPSS
Exploits0References10
Amazon
Amazon
added 2026/03/27 12:0 a.m.8 views

Important: tomcat9

Issue Overview: mproper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through...

9.1CVSS6.9AI score0.00498EPSS
Exploits0
OSV
OSV
added 2026/03/25 8:22 a.m.10 views

CLSA-2026-1774426919 Fix CVE(s): CVE-2025-66614

SECURITY UPDATE: SNI hostname not stored for NIO2 and APR connectors - debian/patches/CVE-2025-66614.patch: store SNI hostname for NIO2 and APR connections so that SNI checks are not bypassed - CVE-2025-66614...

9.1CVSS5.8AI score0.00235EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.7 views

PT-2026-31702

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.15 through 11.0.19 Apache Tomcat versions 10.1.50 through 10.1.52 Apache Tomcat versions 9.0.113 through 9.0.115 Description Improper Input Validation occurs due to an incomplete fix of a previous security issue...

7.5CVSS8.6AI score0.21691EPSS
Exploits6References81
OpenVAS
OpenVAS
added 2026/03/23 12:0 a.m.5 views

openSUSE Security Advisory (SUSE-SU-2026:0932-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS5.8AI score0.00498EPSS
Exploits0References6
OSV
OSV
added 2026/03/19 10:26 a.m.8 views

SUSE-SU-2026:0932-1 Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation bypas...

9.1CVSS7.4AI score0.00498EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2026/03/16 12:0 a.m.4 views

SUSE: Security Advisory (SUSE-SU-2026:0877-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS5.8AI score0.00498EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2026/03/16 12:0 a.m.4 views

openSUSE Security Advisory (SUSE-SU-2026:0890-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS5.8AI score0.00498EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/14 12:0 a.m.6 views

SUSE SLES15: tomcat10 / tomcat10-admin-webapps / tomcat10-doc / etc (SUSE-SU-2026:0890-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0890-1 advisory. Update to Tomcat 10.1.52: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping...

9.1CVSS7.1AI score0.00498EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.3 views

SUSE SLES15 / openSUSE 15 Security Update : tomcat11 (SUSE-SU-2026:0877-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0877-1 advisory. Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping...

9.1CVSS7AI score0.00498EPSS
Exploits0References11
OSV
OSV
added 2026/03/12 5:39 a.m.7 views

SUSE-SU-2026:0877-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation...

9.1CVSS5.6AI score0.00498EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/02/17 6:48 p.m.57 views

CVE-2025-66614 Apache Tomcat: Client certificate verification bypass due to virtual host mapping

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...

0.00235EPSS
Exploits0References1
Rows per page
Query Builder