44 matches found
CLEANSTART-2026-MR27796 Security fixes for CVE-2022-23181, CVE-2022-29885, CVE-2022-34305, CVE-2022-42252, CVE-2022-45143, CVE-2023-24998, CVE-2023-28708, CVE-2025-31650, CVE-2025-31651 applied in versions: 10.1.53-r0, 9.0.58-r0, 9.0.63-r0, 9.0.64-r0, 9.0.68-r0, 9.0.70-r0, 9.0.71-r0, 9.0.73-r0, 9.0.80-r0
Multiple security vulnerabilities affect the tomcat10 package. These issues are resolved in later releases. See references for individual vulnerability details...
Security Bulletin: Vulnerabilities in Linux Kernel, MongoDB and Tomcat affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in MongoDB, Tomcat and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, remote execution of arbitrary code and bypassing security restrictions, a...
Important: Red Hat Security Advisory: pki-deps:10.6 security update
An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A...
Important: Red Hat Security Advisory: pki-deps:10.6 security update
An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
MiracleLinux 9 : tomcat-9.0.87-6.el9_7.1 (AXSA:2025-11556:10)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11556:10 advisory. tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve CVE-2025-31651 tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversa...
Alibaba Cloud Linux 3 : 0193: tomcat (ALINUX3-SA-2025:0193)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0193 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-31651: Improper Neutralization of...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.0.1.10)
The version of AOS installed on the remote host is prior to 7.0.1.10. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.0.1.10 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely...
AlmaLinux 8 : tomcat (ALSA-2025:23048)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23048 advisory. tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve CVE-2025-31651 tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via...
RLSA-2025:23049 Important: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve CVE-2025-31651 tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE...
RHEL 8 : tomcat (RHSA-2025:23045)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23045 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat:...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.10.1.11)
The version of AOS installed on the remote host is prior to 6.10.1.11. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.10.1.11 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 6.1.3 release and security update
Red Hat JBoss Web Server 6.1.3 is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives ...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerabilities in Apache Tomcat has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Debian: Security Advisory (DLA-4244-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : tomcat (SUSE-SU-2025:01882-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:01882-1 advisory. - CVE-2025-31651: Better handling of URLs with literal ';' and '?' bsc1242009. Tenable has extracted the preceding description block directly from the...
SUSE-SU-2025:01882-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2025-31651: Better handling of URLs with literal ';' and '?' bsc1242009...
SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-el-3_0-api / etc (SUSE-SU-2025:01521-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01521-1 advisory. Update to Tomcat 9.0.104 - CVE-2025-31650: invalid priority field values should be ignored bsc1242008 - CVE-2025-31651: Better...
SUSE-SU-2025:01521-1 Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.104 - CVE-2025-31650: invalid priority field values should be ignored bsc1242008 - CVE-2025-31651: Better handling of URLs with literal ';' and '?' bsc1242009 Full changelog:...
K000151411: Apache Tomcat vulnerability CVE-2025-31651
Security Advisory Description CVE-2025-31650 Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger a...
Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Encoding or Escaping of Output vulnerability (CVE-2025-31651) and an Improper Input Validation vulnerability (CVE-2025-31651).
Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Encoding or Escaping of Output vulnerability CVE-2025-31651 and an Improper Input Validation vulnerability CVE-2025-31651. Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerabilities...