CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24 matches found

Amazon•added 2026/06/08 12:0 a.m.•8 views

Important: tomcat

Issue Overview: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are...

9.8CVSS6.4AI score0.00996EPSS

Exploits2

Tenable Nessus•added 2026/06/08 12:0 a.m.•11 views

Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2026-1776)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1776 advisory. Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from...

9.8CVSS6.5AI score0.00996EPSS

Exploits2References16

RedhatCVE•added 2026/06/05 7:51 p.m.•11 views

CVE-2026-43513

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions...

7.5CVSS7.1AI score0.00467EPSS

Exploits0References1

OSV•added 2026/06/04 1:15 p.m.•8 views

USN-8383-1 tomcat6, tomcat7 vulnerabilities

It was discovered that Tomcat incorrectly handled digest authentication. A remote attacker could possibly use this issue to bypass authentication restrictions. CVE-2026-43512 It was discovered that Tomcat incorrectly handled case sensitivity in LockOutRealm. A remote attacker could possibly use...

9.8CVSS5.9AI score0.00869EPSS

Exploits2References4

UbuntuCve•added 2026/06/01 12:0 a.m.•7 views

CVE-2026-43513

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in...

7.5CVSS7.1AI score0.00467EPSS

Exploits0References2

OSV•added 2026/05/27 2:47 p.m.•7 views

CLSA-2026-1779893247 Fix of 5 CVEs

SECURITY UPDATE: add case sensitive attribute to LockOutRealm - debian/patches/CVE-2026-43513.patch: add case sensitive attribute to LockOutRealm - CVE-2026-43513 SECURITY UPDATE: fix the handling of invalid users with DIGEST authentication - debian/patches/CVE-2026-43512.patch: fix the handling ...

9.8CVSS6.7AI score0.00869EPSS

Exploits2References1

OSV•added 2026/05/14 11:56 a.m.•7 views

BIT-TOMCAT-2026-43513 Apache Tomcat: LockOutRealm treats user names as case-sensitive

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.21, from 10.1.0 through 10.1.54, from 9.0.0 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions may also...

7.5CVSS5.7AI score0.00467EPSS

Exploits0References3

SUSE CVE•added 2026/05/13 2:21 p.m.•8 views

SUSE CVE-2026-43513

5.4CVSS5.7AI score0.00467EPSS

Exploits0References6

Tenable Nessus•added 2026/05/13 12:0 a.m.•11 views

Linux Distros Unpatched Vulnerability : CVE-2026-43513

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from...

7.5CVSS7.2AI score0.00467EPSS

Exploits0References2

EUVD•added 2026/05/12 6:30 p.m.•7 views

EUVD-2026-29517

5.7AI score0.00467EPSS

Exploits0References3

OSV•added 2026/05/12 6:30 p.m.•4 views

GHSA-5MP6-JRQ3-R938 Apache Tomcat: LockOutRealm treats user names as case-sensitive

7.5CVSS5.7AI score0.00467EPSS

Exploits0References10

Github Security Blog•added 2026/05/12 6:30 p.m.•25 views

Apache Tomcat: LockOutRealm treats user names as case-sensitive

7.5CVSS5.7AI score0.00467EPSS

Exploits0References10Affected Software3

Snyk•added 2026/05/12 5:21 p.m.•7 views

Improper Handling of Case Sensitivity

Overview tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the LockOutRealm function. An attacker can bypass account lockout protections by...

7.5CVSS5.8AI score0.00467EPSS

Exploits0References2

Snyk•added 2026/05/12 5:21 p.m.•11 views

Improper Handling of Case Sensitivity

Overview org.apache.tomcat:catalina is a Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the LockOutRealm function. An attacker can bypass account lockout protections by submitting usernames wit...

7.5CVSS5.8AI score0.00467EPSS

Exploits0References2

NVD•added 2026/05/12 4:16 p.m.•23 views

CVE-2026-43513

7.5CVSS0.00467EPSS

Exploits0References2

OSV•added 2026/05/12 4:16 p.m.•5 views

UBUNTU-CVE-2026-43513

7.5CVSS7.1AI score0.00467EPSS

Exploits0References5

Vulnrichment•added 2026/05/12 3:26 p.m.•12 views

CVE-2026-43513 Apache Tomcat: LockOutRealm treats user names as case-sensitive

5.7AI score0.00467EPSS

Exploits0References1

Debian CVE•added 2026/05/12 3:26 p.m.•9 views

CVE-2026-43513

7.5CVSS5.7AI score0.00467EPSS

Exploits0

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-5668

Malicious code in bioql PyPI...

5.9CVSS7.1AI score0.07683EPSS

Exploits0References53

Veracode•added 2019/01/15 9:16 a.m.•35 views

Timing Attack

tomcat-catalina is vulnerable to timing attacks. When the supplied username does not exist, the Realm implementation will not process the supplied password, making a timing attack possible to determine valid usernames. Note that the default configuration includes the LockOutRealm which makes...

5.9CVSS7.2AI score0.07683EPSS

Exploits0References39Affected Software6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by