Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

Astra Linux - уязвимость в tomcat9

The Padding Oracle vulnerability exists in Apache Tomcat’s EncryptInterceptor with the default configuration. This issue affects Apache Tomcat: versions 11.0.0-M1 through 11.0.18, 10.0.0-M1 through 10.1.52, 9.0.13 through 9.0.115, 8.5.38 through 8.5.100, and 7.0.100 through 7.0.109. Users are...

Security Bulletin: Vulnerabilities in Apache Tomcat and Lodash might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Apache Tomcat and Lodash. Vulnerabilities include Improper Input Validation vulnerability in Apache Tomcat, Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apach...

RHCOS 2 : node.js (RHSA-2015:1545)

The remote Red Hat Enterprise Linux CoreOS 2 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2015:1545 advisory. - SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack CVE-2014-3566 Note that Nessus has not tested for this issue but has instead...

RHCOS 2 : node.js (RHSA-2015:1546)

The remote Red Hat Enterprise Linux CoreOS 2 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2015:1546 advisory. - SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack CVE-2014-3566 Note that Nessus has not tested for this issue but has instead...

Astra Linux - уязвимость в openssl1.0

In situations where an attacker receives automated notifications of the success or failure of a decryption attempt, an attacker can recover the CMS/PKCS7 transport encryption key after sending a very large number of messages to be decrypted. They can also decrypt any RSA-encrypted message encrypt...

Medium: tomcat

Issue Overview: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0...

JLSEC-2026-218 In situations where an attacker receives automated notification of the success or failure of a...

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

Security update for ovmf (moderate)

openSUSE security update: security update for ovmf ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20499-1 Rating: moderate References: bsc1252441 Cross-References: CVE-2025-59438 CVSS scores: CVE-2025-59438 SUSE : 5.5...

SUSE SLES15 Security Update : ovmf (SUSE-SU-2026:1413-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1413-1 advisory. This update for ovmf fixes the following issue: - CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error...

Apache Tomcat 10.1.50 < 10.1.53 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.1.53. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.53security-10 advisory. - CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled...

Security update for ovmf

This update for ovmf fixes the following issue: CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting bsc1252441. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2026:1413-1 Security update for ovmf

This update for ovmf fixes the following issue: - CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting bsc1252441...

CVE-2026-5504

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

BIT-TOMCAT-2026-29146 Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0 through 11.0.18, from 10.0.0 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are recommended t...

Updated tomcat packages fix security vulnerabilities

Request smuggling via invalid chunk extension. CVE-2026-24880 Occasionally open redirect. CVE-2026-25854 TLS cipher order is not preserved. CVE-2026-29129 OCSP checks sometimes soft-fail even when soft-fail is disabled. CVE-2026-29145 EncryptInterceptor vulnerable to padding oracle attack by...

MGASA-2026-0095 Updated tomcat packages fix security vulnerabilities

Request smuggling via invalid chunk extension. CVE-2026-24880 Occasionally open redirect. CVE-2026-25854 TLS cipher order is not preserved. CVE-2026-29129 OCSP checks sometimes soft-fail even when soft-fail is disabled. CVE-2026-29145 EncryptInterceptor vulnerable to padding oracle attack by...

SUSE CVE-2026-29146

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

CVE-2026-29146

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...