Lucene search
K

28 matches found

Tenable Nessus
Tenable Nessus
added 2025/10/04 12:0 a.m.9 views

RockyLinux 10 : tomcat9 (RLSA-2025:11332)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:11332 advisory. tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 tomcat: Apache Tomcat: DoS via malformed HTTP/2...

9.8CVSS7.6AI score0.66933EPSS
Exploits18References5
Tenable Nessus
Tenable Nessus
added 2025/07/22 12:0 a.m.11 views

Alibaba Cloud Linux 3 : 0119: tomcat (ALINUX3-SA-2025:0119)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0119 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-56337: Time-of-check Time-of-use...

9.8CVSS7.3AI score0.66933EPSS
Exploits18References3
OSV
OSV
added 2025/07/16 12:0 a.m.11 views

ALSA-2025:11335 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITYUPDATE frame CVE-2025-3165...

9.8CVSS9.2AI score0.66933EPSS
Exploits18References6
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.8 views

TencentOS Server 4: tomcat (TSSA-2024:1139)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1139 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.8CVSS7.2AI score0.43663EPSS
Exploits13References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 7:42 p.m.19 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a Race Condition vulnerability in Apache Tomcat [CVE-2024-56337]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Race Condition vulnerability in Apache Tomcat, due to a case insensitive file system, caused by improper default installation settings CVE-2024-56337. Apache Tomcat is used in our Speech microservices. This vulnerabilitiy has been...

9.8CVSS9.9AI score0.08856EPSS
Exploits13Affected Software1
OpenVAS
OpenVAS
added 2025/04/07 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2025:1126-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.5AI score0.99945EPSS
Exploits58References7
OpenVAS
OpenVAS
added 2025/04/07 12:0 a.m.133 views

openSUSE Security Advisory (SUSE-SU-2025:1126-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.5AI score0.99945EPSS
Exploits58References7
OpenVAS
OpenVAS
added 2025/03/28 12:0 a.m.58 views

openSUSE Security Advisory (SUSE-SU-2025:1024-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.5AI score0.99945EPSS
Exploits58References7
OPENSUSE Linux
OPENSUSE Linux
added 2025/03/16 12:0 a.m.9 views

tomcat10-10.1.35-1.1 on GA media (moderate)

tomcat10-10.1.35-1.1 on GA media Announcement ID: openSUSE-SU-2025:14897-1 Rating: moderate Cross-References: CVE-2004-56337 CVE-2024-56337 CVE-2025-24813 CVSS scores: CVE-2024-56337 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2025-24813 SUSE : 8.1...

9.2CVSS9.3AI score0.99945EPSS
Exploits58
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/10 6:44 p.m.27 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in tomcat-embed-core

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of tomcat-embed-core Vulnerability Details CVEID:CVE-2024-56337 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 throu...

9.8CVSS7.1AI score0.08856EPSS
Exploits13Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2024-56337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1...

9.8CVSS6.8AI score0.43663EPSS
Exploits13References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/03 11:19 a.m.23 views

Security Bulletin: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability affects watsonx.data

Summary Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-56337 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from...

9.8CVSS7.2AI score0.08856EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/27 3:6 p.m.16 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU Race Condition vulnerability in Apache Tomcat [CVE-2024-56337]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat, caused by JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. CVE-2024-56337. Apache Tomcat is used by our...

9.8CVSS9.8AI score0.08856EPSS
Exploits13Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/02/24 12:0 a.m.21 views

Atlassian Confluence 6.10.x < 8.5.19 / 8.6.x < 9.2.1 (CONFSERVER-99216)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-99216 advisory. - Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1,...

9.8CVSS7.1AI score0.43663EPSS
Exploits13References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/20 5:59 a.m.23 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-56337 tomcat-embed-core-10.1.33.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-56337

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-56337 tomcat-embed-core-10.1.33.jar Publicly disclosed vulnerability found by Mend CVE-2024-56337. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

9.8CVSS6.8AI score0.08856EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 9:51 p.m.26 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a remote attack and a race condition vulnerability due to Apache Tomcat (CVE-2024-56337, CVE-2024-52316 and CVE-2024-50379)

Summary IBM Integration Bus for z/OS is vulnerable to a remote attack and a race condition vulnerability due to Apache Tomcat. Vulnerability Details CVEID:CVE-2024-56337 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat:...

9.8CVSS7.1AI score0.43663EPSS
Exploits14Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/01/16 12:0 a.m.28 views

Photon OS 4.0: Apache PHSA-2025-4.0-0729

An update of the apache package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0729. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

9.8CVSS8.4AI score0.43663EPSS
Exploits13References4
F5 Networks
F5 Networks
added 2025/01/10 4:21 a.m.43 views

K000149247: Apache tomcat vulnerability CVE-2024-56337

Security Advisory Description Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users...

9.8CVSS7.7AI score0.08856EPSS
Exploits13
Tenable Nessus
Tenable Nessus
added 2024/12/23 12:0 a.m.31 views

Apache Tomcat 11.0.0-M1 < 11.0.2 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 to 9.0.97, 10.1.0-M1 to 10.1.33 or 11.0.0-M1 to 11.0.1. It is, therefore, affected by multiple vulnerabilities : - The previous mitigation for CVE-2024-50379 was incomplete. In addition to upgrading to 11.0.2 or later, users...

9.8CVSS9.1AI score0.43663EPSS
Exploits13References4
RedhatCVE
RedhatCVE
added 2024/12/20 5:20 p.m.180 views

CVE-2024-56337

The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...

8.1CVSS9.3AI score0.43663EPSS
Exploits13References5
Rows per page
Query Builder