70 matches found

Tenable Nessus
added 2025/10/04 12:0 a.m., 8 views

RockyLinux 9 : tomcat (RLSA-2025:11335)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:11335 advisory. tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337); tomcat: Apache Tomcat: DoS via malformed HTTP/2...

CVSS 9.8, AI score 7.6, EPSS 0.66933
Exploits: 18, References: 5

Tenable Nessus
added 2025/10/04 12:0 a.m., 8 views

RockyLinux 10 : tomcat9 (RLSA-2025:11332)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:11332 advisory. tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337); tomcat: Apache Tomcat: DoS via malformed HTTP/2...

CVSS 9.8, AI score 7.6, EPSS 0.66933
Exploits: 18, References: 5

IBM Security Bulletins
added 2025/08/05 3:40 p.m., 27 views

Security Bulletin: IBM Guardium Data Protection is affected by multiple Tomcat vulnerabilities (CVE-2025-24813, CVE-2024-50379)

Summary: IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details: CVEID: CVE-2025-24813. DESCRIPTION: Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files...

CVSS 10, AI score 9.9, EPSS 0.99945
Exploits: 58, Affected Software: 1

OSV
added 2025/07/29 1:38 p.m., 11 views

RLSA-2025:11333 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337); tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-3165...

CVSS 8.1, AI score 7.7, EPSS 0.66933
Exploits: 18, References: 3

Rockylinux
added 2025/07/29 1:38 p.m., 9 views

tomcat security update

An update is available for tomcat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages...

CVSS 9.8, AI score 7, EPSS 0.66933
Exploits: 18

Tenable Nessus
added 2025/07/17 12:0 a.m., 7 views

RHEL 8 : tomcat (RHSA-2025:11382)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:11382 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: Incomplete fix for...

CVSS 9.8, AI score 7.7, EPSS 0.66933
Exploits: 18, References: 6

OSV
added 2025/07/16 12:0 a.m., 11 views

ALSA-2025:11335 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337); tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-3165...

CVSS 9.8, AI score 9.2, EPSS 0.66933
Exploits: 18, References: 6

Tenable Nessus
added 2025/07/16 12:0 a.m., 8 views

RHEL 9 : tomcat (RHSA-2025:11335)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:11335 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: Incomplete fix for...

CVSS 9.8, AI score 7.7, EPSS 0.66933
Exploits: 18, References: 6

Tenable Nessus
added 2025/07/16 12:0 a.m., 8 views

RHEL 9 : tomcat (RHSA-2025:11334)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:11334 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: Incomplete fix for...

CVSS 9.8, AI score 7.7, EPSS 0.66933
Exploits: 18, References: 6

AlmaLinux
added 2025/07/16 12:0 a.m., 10 views

Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337); tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-3165...

CVSS 9.8, AI score 9.3, EPSS 0.66933
Exploits: 18, References: 6

OSV
added 2025/07/10 10:46 a.m., 32 views

BIT-TOMCAT-2024-56337 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.1, from 10.1.0 through 10.1.33, from 9.0.0 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0...

CVSS 9.8, AI score 6.7, EPSS 0.43663
Exploits: 13, References: 5

Tenable Nessus
added 2025/06/16 12:0 a.m., 8 views

TencentOS Server 4: tomcat (TSSA-2024:1139)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1139 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 9.8, AI score 7.2, EPSS 0.43663
Exploits: 13, References: 4

Tenable Nessus
added 2025/06/16 12:0 a.m., 13 views

TencentOS Server 3: tomcat (TSSA-2025:0304)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0304 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 10, AI score 8.8, EPSS 0.99945
Exploits: 58, References: 3

RedHat Linux
added 2025/05/08 12:17 p.m., 5 views

tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...

CVSS 9.8, AI score 7.6, EPSS 0.43663
Exploits: 13, References: 6

RedHat Linux
added 2025/05/08 12:17 p.m., 16 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.4 release and security update

An update is now available for Red Hat JBoss Web Server 5.8 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 9.8, AI score 7, EPSS 0.66933
Exploits: 18, References: 4

RedHat Linux
added 2025/05/08 12:15 p.m., 21 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.4 release and security update

Red Hat JBoss Web Server 5.8.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CV...

CVSS 9.8, AI score 7, EPSS 0.66933
Exploits: 18, References: 4

Tenable Nessus
added 2025/05/08 12:0 a.m., 15 views

RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.8.4 (RHSA-2025:4521)

The remote Red Hat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4521 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...

CVSS 9.8, AI score 7.7, EPSS 0.66933
Exploits: 18, References: 7

IBM Security Bulletins
added 2025/05/01 7:45 p.m., 19 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a Race Condition vulnerability in Apache Tomcat [CVE-2024-50379]

Summary: IBM Watson Speech Services Cartridge is vulnerable to a Race Condition vulnerability in Apache Tomcat, due to a case insensitive file system, caused by improper default installation settings (CVE-2024-50379). Apache Tomcat is used in our Speech microservices. This vulnerability has been...

CVSS 9.8, AI score 9.8, EPSS 0.43663
Exploits: 13, Affected Software: 1

Tenable Nessus
added 2025/04/13 12:0 a.m., 19 views

RHEL 9 : tomcat (RHSA-2025:3647)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3647 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: RCE due to TOCTOU...

CVSS 10, AI score 8.6, EPSS 0.99945
Exploits: 58, References: 7

Tenable Nessus
added 2025/04/13 12:0 a.m., 20 views

RHEL 8 : tomcat (RHSA-2025:3683)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3683 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: RCE due to TOCTOU...

CVSS 10, AI score 8.6, EPSS 0.99945
Exploits: 58, References: 7