
4428 matches found

Tenable Nessus
added 2025/07/30 12:0 a.m., 6 views

RockyLinux 8 : tomcat (RLSA-2025:11333)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:11333 advisory. tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 tomcat: Apache Tomcat: DoS via malformed HTTP/2...

9.8 CVSS, 7.6 AI score, 0.84587 EPSS
Exploits: 17, References: 5

OSV
added 2025/07/29 2:30 p.m., 2 views

BIT-TOMCAT-2024-34750 Apache Tomcat: HTTP/2 excess header handling DoS

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...

7.5 CVSS, 6.7 AI score, 0.21539 EPSS
Exploits: 0, References: 7

Rockylinux
added 2025/07/29 1:38 p.m., 6 views

tomcat security update

An update is available for tomcat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages...

9.8 CVSS, 7 AI score, 0.2185 EPSS
Exploits: 6

OSV
added 2025/07/25 1:16 p.m., 1 view

OESA-2025-1895 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Concurrent Execution using Shar...

7.5 CVSS, 7 AI score, 0.01247 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2025/07/25 12:0 a.m., 15 views

NewStart CGSL MAIN 7.02 : httpd Multiple Vulnerabilities (NS-SA-2025-0132)

The remote NewStart CGSL host, running version MAIN 7.02, has httpd packages installed that are affected by multiple vulnerabilities: - Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerable to information disclosure, SSRF or local script execution via backend applications...

9.8 CVSS, 7.4 AI score, 0.93858 EPSS
Exploits: 9, References: 29

Tenable Nessus
added 2025/07/25 12:0 a.m., 11 views

NewStart CGSL MAIN 7.02 : nghttp2 Multiple Vulnerabilities (NS-SA-2025-0134)

The remote NewStart CGSL host, running version MAIN 7.02, has nghttp2 packages installed that are affected by multiple vulnerabilities: - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wil...

7.5 CVSS, 7.3 AI score, 0.94395 EPSS
Exploits: 20, References: 7

Debian
added 2025/07/22 1:5 a.m., 10 views

[SECURITY] [DLA 4244-1] tomcat9 security update

Debian LTS Advisory DLA-4244-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany July 22, 2025 https://wiki.debian.org/LTS Package : tomcat9 Version : 9.0.107-0+deb11u1 CVE ID : CVE-2024-34750 CVE-2024-54677 CVE-2025-31650 CVE-2025-31651 CVE-2025-46701 CVE-2025-4897...

9.8 CVSS, 6.9 AI score, 0.2185 EPSS
Exploits: 8

Tenable Nessus
added 2025/07/22 12:0 a.m., 7 views

Debian dla-4244 : libtomcat9-embed-java - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4244 advisory. Debian LTS Advisory DLA-4244-1 [email protected]...

9.8 CVSS, 7.7 AI score, 0.2185 EPSS
Exploits: 8, References: 24

OSV
added 2025/07/17 8:9 a.m., 56 views

BIT-TOMCAT-2024-24549 Apache Tomcat: HTTP/2 header handling DoS

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been...

7.5 CVSS, 6.9 AI score, 0.6439 EPSS
Exploits: 1, References: 7

OSV
added 2025/07/17 8:9 a.m., 54 views

BIT-TOMCAT-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5 CVSS, 7.9 AI score, 0.94395 EPSS
Exploits: 19, References: 179

OSV
added 2025/07/16 8:19 a.m., 72 views

BIT-TOMCAT-2025-53506 Apache Tomcat: DoS via excessive h2 streams at connection start

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0 through 11.0.8, from 10.1.0 through 10.1.42, from 9.0.0 through...

7.5 CVSS, 7.2 AI score, 0.01247 EPSS
Exploits: 0, References: 4

OSV
added 2025/07/16 7:56 a.m., 36 views

BIT-APACHE-2025-49630 Apache HTTP Server: mod_proxy_http2 denial of service

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with...

7.5 CVSS, 6 AI score, 0.03545 EPSS
Exploits: 0, References: 5

Oracle linux
added 2025/07/16 12:0 a.m., 12 views

tomcat security update

1:9.0.87-1.el810.4 - Resolves: RHEL-91761 tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame CVE-2025-31650 - Resolves: RHEL-71971 tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337...

9.8 CVSS, 7.3 AI score, 0.84587 EPSS
Exploits: 17

AlmaLinux
added 2025/07/16 12:0 a.m., 8 views

Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame CVE-2025-3165...

9.8 CVSS, 7.3 AI score, 0.84587 EPSS
Exploits: 17, References: 6

IBM Security Bulletins
added 2025/07/15 3:17 p.m., 30 views

Security Bulletin: IBM QRadar SIEM protocols are affected by denial of service.

Summary gRPC is affected by denial of service and connection termination issues due to flaws in request parsing and protocol handling. These issues may result in excessive resource consumption or unexpected disruptions in service availability. Vulnerability Details CVEID:CVE-2023-33953 DESCRIPTIO...

7.5 CVSS, 7.9 AI score, 0.94395 EPSS
Exploits: 19, Affected Software: 1

Veracode
added 2025/07/14 5:47 p.m., 3 views

Denial Of Service (DoS)

org.apache.tomcat:tomcat-coyote is vulnerable to Denial Of Service DoS. The vulnerability is due to failure to handle cases where an HTTP/2 client does not acknowledge the initial settings frame, allowing excessive concurrent streams and leading to resource exhaustion...

7.5 CVSS, 9.2 AI score, 0.01247 EPSS
Exploits: 0, References: 8, Affected Software: 2

RedhatCVE
added 2025/07/12 5:16 p.m., 3 views

CVE-2025-49630

An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the mod_proxy_http2 module, which likely results in an Apache HTTP server crash or denial of service DoS. Mitigation No mitigation is currently available that meets Red Hat...

7.5 CVSS, 6.2 AI score, 0.03545 EPSS
Exploits: 0, References: 3

Veracode
added 2025/07/11 4:52 a.m., 3 views

Race Condition Vulnerability

org.apache.tomcat, tomcat-util is vulnerable to Race Condition Vulnerability. The vulnerability is due to improper synchronization in the APR/Native connector when handling client-initiated HTTP/2 connection closures, which allows an attacker to exploit race conditions potentially leading to...

7.5 CVSS, 6 AI score, 0.01205 EPSS
Exploits: 0, References: 6, Affected Software: 1

Tenable Nessus
added 2025/07/11 12:0 a.m., 2 views

FreeBSD : Apache Tomcat -- Multiple Vulnerabilities (ef87346f-5dd0-11f0-beb2-ac5afc632ba3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ef87346f-5dd0-11f0-beb2-ac5afc632ba3 advisory. [email protected] reports: A race condition on connection close could trigger a JVM crash wh...

7.5 CVSS, 8.6 AI score, 0.01247 EPSS
Exploits: 0, References: 7

Github Security Blog
added 2025/07/10 9:31 p.m., 6 views

Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1...

7.5 CVSS, 8 AI score, 0.01247 EPSS
Exploits: 0, References: 8, Affected Software: 2