58 matches found

NVD
added yesterday, 6 views

CVE-2026-55957

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without providing the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

Exploits: 0, References: 2

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in tomcat9

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protections provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...

CVSS 6.5, AI score 6.9, EPSS 0.09886
Exploits: 0, References: 1

Tenable Nessus
added 2026/05/11 12:00 a.m., 8 views

Unity Linux 20.1060e / 20.1070e Security Update: tomcat (UTSA-2026-017519)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017519 advisory. A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection...

CVSS 6.5, AI score 6.9, EPSS 0.09886
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-1533

Malware in sbrugna...

CVSS 6.5, AI score 7.6, EPSS 0.09886
Exploits: 0, References: 20

Tenable Nessus
added 2024/05/23 12:00 a.m., 32 views

Apache Tomcat 9.0.0.M1 < 9.0.46

The version of Tomcat installed on the remote host is prior to 9.0.46. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.46security-9 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a val...

CVSS 6.5, AI score 7.4, EPSS 0.09886
Exploits: 0, References: 11

Tenable Nessus
added 2024/05/23 12:00 a.m., 26 views

Apache Tomcat 8.5.0 < 8.5.66

The version of Tomcat installed on the remote host is prior to 8.5.66. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.66security-8 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a val...

CVSS 6.5, AI score 7.4, EPSS 0.09886
Exploits: 0, References: 11

OSV
added 2024/03/06 11:10 a.m., 35 views

BIT-TOMCAT-2021-30640 Auth weakness in JNDIRealm

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0 to 10.0.5; 9.0.0 to 9.0.45; 8.5.0 to 8.5.65...

CVSS 6.5, AI score 6.8, EPSS 0.09886
Exploits: 0, References: 10

Tenable Nessus
added 2024/02/06 12:00 a.m., 40 views

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2024-017)

The version of tomcat installed on the remote host is prior to 8.5.69-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2024-017 advisory. 2024-02-15: CVE-2021-30640 was added to this advisory. 2024-02-15: CVE-2021-33037 was added to this advisory. A...

CVSS 6.5, AI score 7.3, EPSS 0.75353
Exploits: 4, References: 8

Amazon
added 2024/02/05 12:00 a.m., 6 views

Important: tomcat

Issue Overview: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to...

CVSS 6.5, AI score 6.9, EPSS 0.75353
Exploits: 4

Tenable Nessus
added 2023/09/27 12:00 a.m., 34 views

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-007)

The version of tomcat installed on the remote host is prior to 8.5.69-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-007 advisory. A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid...

CVSS 6.5, AI score 7.4, EPSS 0.75353
Exploits: 1, References: 6

Amazon
added 2023/09/25 12:00 a.m., 2 views

Medium: tomcat

Issue Overview: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to...

CVSS 6.5, AI score 6.9, EPSS 0.75353
Exploits: 1

F5 Networks
added 2023/02/21 6:34 p.m., 159 views

K35033051: Tomcat vulnerability CVE-2021-30640

Security Advisory Description A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45...

CVSS 6.5, AI score 7.8, EPSS 0.09886
Exploits: 0, Affected Software: 1

SUSE CVE
added 2023/02/15 3:41 a.m., 3 views

SUSE CVE-2021-30640

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...

CVSS 6.5, AI score 7.6, EPSS 0.09886
Exploits: 0, References: 11

Tenable Nessus
added 2022/08/25 12:00 a.m., 78 views

GLSA-202208-34 : Apache Tomcat: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202208-34 Apache Tomcat: Multiple Vulnerabilities - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited...

CVSS 7.5, AI score 7, EPSS 0.75353
Exploits: 16, References: 12

RedHat Linux
added 2022/04/12 7:06 p.m., 1 view

tomcat: JNDI realm authentication weakness

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...

CVSS 6.5, AI score 7.2, EPSS 0.09886
Exploits: 0, References: 4

Tenable Nessus
added 2021/12/01 12:00 a.m., 104 views

RHEL 7 / 8 : Red Hat JBoss Web Server 5.6.0 Security (Important) (RHSA-2021:4861)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4861 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...

CVSS 7.5, AI score 7.1, EPSS 0.75353
Exploits: 1, References: 11

RedHat Linux
added 2021/11/30 2:25 p.m., 69 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.6.0 Security release

Red Hat JBoss Web Server 5.6.0 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which giv...

CVSS 7.5, AI score 6.8, EPSS 0.75353
Exploits: 1, References: 4

RedHat Linux
added 2021/11/30 2:25 p.m., 3 views

tomcat: JNDI realm authentication weakness

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...

CVSS 6.5, AI score 7.2, EPSS 0.09886
Exploits: 0, References: 4

Tenable Nessus
added 2021/11/20 12:00 a.m., 40 views

openSUSE 15 Security Update : tomcat (openSUSE-SU-2021:1490-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1490-1 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to...

CVSS 7.5, AI score 7.2, EPSS 0.75353
Exploits: 1, References: 10

OPENSUSE Linux
added 2021/11/19 12:00 a.m., 47 views

Security update for tomcat (moderate)

openSUSE Security Update: Security update for tomcat Announcement ID: openSUSE-SU-2021:1490-1 Rating: moderate References: 1188278 1188279 1190558 Cross-References: CVE-2021-30640 CVE-2021-33037 CVE-2021-41079 CVSS scores: CVE-2021-30640 NVD : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N...

CVSS 6.5, AI score 7.6, EPSS 0.75353
Exploits: 1, References: 3