RockyLinux 10 : tomcat (RLSA-2026:19054)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19054 advisory. tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 Tenable has extracted the preceding description blo...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.15.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.15.jar Vulnerability Details CVEID:CVE-2026-24734 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM po...

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to Improper Input Validation due to Apache Tomcat ( CVE-2026-24734 )

Summary IBM Integration Bus for z/OS is vulnerable to Improper Input Validation due to Apache Tomcat. Vulnerability Details CVEID:CVE-2026-24734 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FF...

openSUSE 16 Security Update : tomcat11 (openSUSE-SU-2026:20414-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20414-1 advisory. Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733:...

openSUSE Security Advisory (SUSE-SU-2026:0932-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2026:0932-1 Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation bypas...

SUSE: Security Advisory (SUSE-SU-2026:0877-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Advisory (SUSE-SU-2026:0890-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2026:0890-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0890-1 advisory. Update to Tomcat 10.1.52: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping...

SUSE SLES15 / openSUSE 15 Security Update : tomcat11 (SUSE-SU-2026:0877-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0877-1 advisory. Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping...

SUSE-SU-2026:0877-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation...

CVE-2026-24734

creationtimestamp| type| source ---|---|--- 2026-02-18 07:35:39+00:00| seen| https://bsky.app/profile/shiojiri.com/post/3mf4kxjtp4c2e 2026-02-18 09:40:36+00:00| seen| https://bsky.app/profile/osanpo.bsky.social/post/3mf4rxhluqb2o 2026-02-18 15:05:31+00:00| seen|...

Apache Tomcat 10.1.0.M7 < 10.1.52

The version of Tomcat installed on the remote host is prior to 10.1.52. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.52security-10 advisory. - Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder...

Apache Tomcat 9.0.83 < 9.0.115

The version of Tomcat installed on the remote host is prior to 9.0.115. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.115security-9 advisory. - Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder,...

CVE-2026-24734

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...

Fixed in Apache Tomcat Native Connector 2.0.12 / 1.3.5

Moderate: Incomplete OCSP verification checks CVE-2026-24734 When using an OCSP responder, Tomcat Native did complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. This issue was reported to the Tomcat security team on 2 November...

org.apache.tomee.bom:tomee-microprofile (>=10.0.0 <=10.0.0-M3), org.apache.tomee.bom:tomee-plume (>=10.0.0 <=10.0.0-M3) +2 more potentially affected by CVE-2026-24734 via org.apache.tomcat:tomcat-coyote-ffm (>=10.1.30 <=10.1.49)

org.apache.tomcat:tomcat-coyote-ffm MAVEN version =10.1.30, =10.0.0, =10.0.0, =10.0.0, =10.0.0, =10.1.3 Source cves: CVE-2026-24734 Source advisory: SNYK:JAVA-ORGAPACHETOMCAT-15307823...

Fixed in Apache Tomcat 10.1.52

Moderate: Incomplete OCSP verification checks CVE-2026-24734 When using an OCSP responder, Tomcat's FFM integration with OpenSSL did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. Affects: 10.1.0-M7 to 10.1.51 This issue...

KLA90891 SB vulnerability in Apache Tomcat

Security vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories Fixed in Apache Tomcat 9.0.115 Exploitation Related products Apache-Tomcat CVE list CVE-2026-24734 unknown Solution Update to the latest version...

Fixed in Apache Tomcat 9.0.115

Moderate: Incomplete OCSP verification checks CVE-2026-24734 When using an OCSP responder, Tomcat's FFM integration with OpenSSL did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. Affects: 9.0.83 to 9.0.114 This issue wa...