5 matches found
CVE-2026-55957
CVE-2026-55957 describes an authentication bypass in Apache Tomcat when JNDIRealm authenticates binds using GSSAPI, due to a missing critical step. Affected versions: Tomcat 11.0.0-M1 to 11.0.4; 10.1.0-M1 to 10.1.36; 9.0.0.M1 to 9.0.100; 8.5.0 to 8.5.100; 7.0.0 to 7.0.109. Upstream fixes are avai...
ROS-20250424-14
A vulnerability in the JNDIRealm module implementation of the Apache Tomcat application server is related to flaws in the authentication mechanism. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information. Unauthorized...
SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2025:1126-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1126-1 advisory. - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 - Update t...
SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2025:1024-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1024-1 advisory. - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 Other fixe...
CVE-2021-30640 Auth weakness in JNDIRealm
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...