82 matches found
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: tomcat (UTSA-2025-991301)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991301 advisory. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.For a subset of unlikely rewrite rule configurations, it was possible fo...
tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...
tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...
tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...
tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...
Important: tomcat
Issue Overview: Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could...
tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop via the applysubstitution function in the bsdtar when used with -s pathname-rewrite rules. An attacker can cause excessive memory allocation leading to application crash by supplying malicious input such as an empty patter...
UBUNTU-CVE-2025-55752
Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the...
CLSA-2025-1761576180 Fix CVE(s): CVE-2025-31651
SECURITY UPDATE: Bypassing of some rewrite rules by a specially crafted request - debian/patches/CVE-2025-31651.patch: better handling of URLs - CVE-2025-31651...
Apache Tomcat 安全漏洞
Apache Tomcat is a lightweight Web application server from the American Apache Apache Foundation. Used to implement support for Servlet and JavaServer Page JSP. A security vulnerability exists in Apache Tomcat that stems from a path traversal issue with URL rewrite rules, which could lead to...
BIT-TOMCAT-2025-31651 Apache Tomcat: Bypass of rules in Rewrite Valve
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...
CLSA-2025-1752087582 Fix CVE(s): CVE-2025-31651
SECURITY UPDATE: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability - debian/patches/CVE-2025-31651.patch: Enforces rewrite rules to preventing bypass of security constraints in specific configurations - CVE-2025-31651...
CLSA-2025-1750785145 tomcat: Fix of CVE-2025-31651
CVE-2025-31651: enforces rewrite rules to preventing bypass of security constraints in specific configurations...
CLSA-2025-1750780819 Fix CVE(s): CVE-2025-31651
SECURITY UPDATE: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability - debian/patches/CVE-2025-31651.patch: Enforces rewrite rules to preventing bypass of security constraints in specific configurations - CVE-2025-31651...
Medium: tomcat
Issue Overview: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security...
Important: tomcat10
Issue Overview: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException...
Important: tomcat9
Issue Overview: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException...
Apache Tomcat 9.0.0.M1 < 9.0.104 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.104. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.104security-9 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a...