
1322 matches found

Positive Technologies
added 2025/10/23 12:0 a.m. | 3 views

PT-2025-43435

Name of the Vulnerable Software and Affected Versions: libsoup versions prior to 3.6.5-1ubuntu0.3. Description: The libsoup library contains a flaw in its asynchronous message queue handling, specifically when managing HTTP/2 communications. When network operations are aborted at certain times, an...

CVSS 7.5 | AI score 6.4 | EPSS 0.00416
Exploits 0 | References 22

Tenable Nessus
added 2025/10/23 12:0 a.m. | 8 views

Oracle WebLogic Server (October 2025 CPU)

The 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2025 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Centralized...

CVSS 7.5 | AI score 6.3 | EPSS 0.02164
Exploits 1 | References 6

Fedora
added 2025/10/22 1:31 a.m. | 10 views

[SECURITY] Fedora 41 Update: mod_http2-2.0.35-1.fc41

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers...

CVSS 7.5 | AI score 7 | EPSS 0.01149
Exploits 0

CNNVD
added 2025/10/21 12:0 a.m. | 3 views

Oracle Fusion Middleware Security Vulnerability

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collections, and other capabilities. A security vulnerability exists in Oracle WebLogic Server versions...

CVSS 7.5 | AI score 7.3 | EPSS 0.00363
Exploits 0 | References 2

EUVD
added 2025/10/15 3:30 p.m. | 4 views

EUVD-2025-34649

When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | AI score 6.2 | EPSS 0.0035
Exploits 0 | References 2

NVD
added 2025/10/15 2:15 p.m. | 3 views

CVE-2025-58120

When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | EPSS 0.00317
Exploits 0 | References 1

NVD
added 2025/10/15 2:15 p.m. | 6 views

CVE-2025-55669

When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | EPSS 0.0035
Exploits 0 | References 1

CVE
added 2025/10/15 1:55 p.m. | 15 views

CVE-2025-55669

CVE-2025-55669 affects BIG-IP, specifically the HTTP/2 vulnerability impacting the Advanced WAF/ASM stack. Undisclosed traffic can terminate the Traffic Management Microkernel (TMM), causing DoS on new connections. Connected advisories list vulnerable branches and fixes: for BIG-IP ASM the fix is...

CVSS 8.7 | AI score 6.4 | EPSS 0.0035
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2025/10/15 12:0 a.m. | 3 views

F5 BIG-IP Security Vulnerability

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A security vulnerability exists in the F5 BIG-IP that originates when configuring security policies and server-side HTTP/2 profiles, where...

CVSS 8.7 | AI score 6.5 | EPSS 0.0035
Exploits 0 | References 1

Tenable Nessus
added 2025/10/15 12:0 a.m. | 4 views

F5 Networks BIG-IP : BIG-IP HTTP/2 vulnerability (K000150752)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.6 / 17.1.2.2. It is, therefore, affected by a vulnerability as referenced in the K000150752 advisory. When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual...

CVSS 8.7 | AI score 5.6 | EPSS 0.0035
Exploits 0 | References 2

Tenable Nessus
added 2025/10/09 12:0 a.m. | 13 views

AlmaLinux 10 : tomcat9 (ALSA-2025:11332)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11332 advisory. tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337) tomcat: Apache Tomcat: DoS via malformed HTTP/2...

CVSS 9.8 | AI score 7.6 | EPSS 0.66365
Exploits 18 | References 4

Tenable Nessus
added 2025/10/09 12:0 a.m. | 5 views

AlmaLinux 10 : tomcat9 (ALSA-2025:14178)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:14178 advisory. tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988) tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)...

CVSS 7.5 | AI score 7.6 | EPSS 0.63258
Exploits 1 | References 9

Tenable Nessus
added 2025/10/08 12:0 a.m. | 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2025:03462-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03462-1 advisory. Update to Firefox Extended Support Release 140.3.1 ESR bsc1250452. - Improved reliability when HTTP/3...

AI score 5.6
Exploits 0 | References 2

Tenable Nessus
added 2025/10/08 12:0 a.m. | 3 views

Fedora 42 : mod_http2 (2025-40b7d151db)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-40b7d151db advisory. - version update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

CVSS 7.5 | AI score 7.3 | EPSS 0.01149
Exploits 0 | References 2

Tenable Nessus
added 2025/10/07 12:0 a.m. | 4 views

Unity Linux 20.1060a / 20.1070a Security Update: tomcat (UTSA-2025-986134)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986134 advisory. Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This wa...

CVSS 7.5 | AI score 8.3 | EPSS 0.01819
Exploits 0 | References 4

Tenable Nessus
added 2025/10/07 12:0 a.m. | 4 views

Unity Linux 20.1060a / 20.1070a Security Update: tomcat (UTSA-2025-986128)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986128 advisory. Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitte...

CVSS 7.5 | AI score 8.3 | EPSS 0.01898
Exploits 0 | References 4

Tenable Nessus
added 2025/10/06 12:0 a.m. | 5 views

RockyLinux 10 : tomcat9 (RLSA-2025:14178)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:14178 advisory. tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988) tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)...

CVSS 7.5 | AI score 7.6 | EPSS 0.63258
Exploits 1 | References 15

Rockylinux
added 2025/10/04 12:11 a.m. | 9 views

tomcat security update

An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages...

CVSS 9.8 | AI score 7 | EPSS 0.66365
Exploits 18

Rockylinux
added 2025/10/04 12:11 a.m. | 7 views

tomcat security update

An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages...

CVSS 7.5 | AI score 7 | EPSS 0.63258
Exploits 1

Tenable Nessus
added 2025/10/04 12:0 a.m. | 8 views

RockyLinux 10 : tomcat9 (RLSA-2025:11332)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:11332 advisory. tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337) tomcat: Apache Tomcat: DoS via malformed HTTP/2...

CVSS 9.8 | AI score 7.6 | EPSS 0.66365
Exploits 18 | References 5