CVE-2026-24733

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification inval...

CVE-2026-24733

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification inval...

PT-2026-20316

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.14 Apache Tomcat versions 10.1.0-M1 through 10.1.49 Apache Tomcat versions 9.0.0-M1 through 9.0.112 Older, End-of-Life EOL versions are also affected Description Apache Tomcat does not properly lim...

PT-2022-28166 · Unknown · Http-Swagger

Name of the Vulnerable Software and Affected Versions: http-swagger versions prior to 1.2.6 Description: The issue allows an attacker to perform a denial-of-service DOS attack consisting of memory exhaustion on the host system and cross-site scripting XSS attacks by uploading malicious files. Thi...