18 matches found
MiracleLinux 9 : tomcat-9.0.87-3.el9_6.3 (AXSA:2025-10779:06)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10779:06 advisory. tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-4912...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in Apache Tomcat [CVE-2025-53506]
Summary IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in Apache Tomcat, occuring when the HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams CVE-2025-53506. Apache Tomcat is used in our...
tomcat9 security update
An update is available for tomcat9. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Tomcat is the servlet container that is used in the official Reference...
Atlassian Jira Service Management Data Center and Server 5.12.x < 5.12.26 / 5.13.x < 10.3.9 / 10.4.x < 10.7.3 / 11.0.x < 11.0.1 DoS (JSDSERVER-16369)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16369 advisory. - Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not...
SUSE: Security Advisory (SUSE-SU-2025:02978-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
K000152908: Apache Tomcat vulnerabilities CVE-2025-52434 and CVE-2025-53506
Security Advisory Description CVE-2025-52434 Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issu...
Photon OS 5.0: Apache PHSA-2025-5.0-0565
An update of the apache package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0565. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
OESA-2025-1895 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Concurrent Execution using Shar...
Debian: Security Advisory (DLA-4244-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-53506 vulnerabilities
Vulnerabilities for packages: tomcat...
CVE-2025-53506
A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service. Mitigation Mitigation for thi...
CVE-2025-53506
Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1...
Apache Tomcat 11.0.0.M1 < 11.0.9 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 11.0.9. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat11.0.9security-11 advisory. - The vulnerability exists due to overflow in file upload limit. A remote attacker can send specially...
CVE-2025-53506
creationtimestamp| type| source ---|---|--- 2025-07-09 15:58:37+00:00| seen| https://bsky.app/profile/thedailytechfeed.com/post/3ltk6n4cbyk2d 2025-07-10 18:12:21+00:00| seen| https://seclists.org/oss-sec/2025/q3/31 2025-07-10 20:36:11+00:00| seen|...
Apache Tomcat Multiple DoS Vulnerabilities (Jul 2025) - Linux
Apache Tomcat is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache Tomcat Multiple DoS Vulnerabilities (Jul 2025) - Windows
Apache Tomcat is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
KLA85813 Multiple vulnerabilities in Apache Tomcat
Multiple vulnerabilities were found in Apache Tomcat. Malicious users can exploit these vulnerabilities to cause denial of service. Original advisories Apache Tomcat 9.x vulnerabilities Related products Apache-Tomcat CVE list CVE-2025-52434 critical CVE-2025-52520 critical CVE-2025-53506 critical...
Fixed in Apache Tomcat 11.0.9
Low: DoS due to overflow in file upload limit CVE-2025-52520 For some unlikely configurations of multipart upload, an Integer Overflow vulnerability could lead to a DoS via bypassing of size limits. This was fixed with commit a51e4bed. This issue was reported to the Tomcat security team on 7 June...