Lucene search
+L

82 matches found

nessus
nessus
added 2025/12/20 12:0 a.m.8 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: tomcat (UTSA-2025-991301)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991301 advisory. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.For a subset of unlikely rewrite rule configurations, it was possible fo...

9.8CVSS7.5AI score0.0418EPSS
Exploits1References4
redhat
redhat
added 2025/12/10 5:7 p.m.5 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

9.8CVSS7.2AI score0.0418EPSS
Exploits1References5
redhat
redhat
added 2025/12/10 2:55 p.m.6 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

9.8CVSS7.2AI score0.0418EPSS
Exploits1References5
redhat
redhat
added 2025/12/10 2:45 p.m.2 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

9.8CVSS7.2AI score0.0418EPSS
Exploits1References5
redhat
redhat
added 2025/12/09 3:22 p.m.8 views

tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE

A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...

7.5CVSS7.7AI score0.66535EPSS
Exploits4References6
redhat
redhat
added 2025/12/09 3:22 p.m.3 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

9.8CVSS7.2AI score0.0418EPSS
Exploits1References5
amazon
amazon
added 2025/11/10 12:0 a.m.7 views

Important: tomcat

Issue Overview: Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could...

7.5CVSS7.9AI score0.66535EPSS
Exploits4
redhat
redhat
added 2025/11/06 4:24 p.m.2 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

9.8CVSS7AI score0.0418EPSS
Exploits1References5
snyk
snyk
added 2025/11/05 3:47 p.m.2 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop via the applysubstitution function in the bsdtar when used with -s pathname-rewrite rules. An attacker can cause excessive memory allocation leading to application crash by supplying malicious input such as an empty patter...

6.8CVSS4.7AI score0.00157EPSS
Exploits1References2
osv
osv
added 2025/10/27 6:15 p.m.4 views

UBUNTU-CVE-2025-55752

Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the...

7.5CVSS7.3AI score0.66535EPSS
Exploits4References6
osv
osv
added 2025/10/27 2:43 p.m.7 views

CLSA-2025-1761576180 Fix CVE(s): CVE-2025-31651

SECURITY UPDATE: Bypassing of some rewrite rules by a specially crafted request - debian/patches/CVE-2025-31651.patch: better handling of URLs - CVE-2025-31651...

9.8CVSS7.3AI score0.0418EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/10/27 12:0 a.m.7 views

Apache Tomcat 安全漏洞

Apache Tomcat is a lightweight Web application server from the American Apache Apache Foundation. Used to implement support for Servlet and JavaServer Page JSP. A security vulnerability exists in Apache Tomcat that stems from a path traversal issue with URL rewrite rules, which could lead to...

7.5CVSS9.3AI score0.66535EPSS
Exploits4References1
osv
osv
added 2025/07/10 10:46 a.m.15 views

BIT-TOMCAT-2025-31651 Apache Tomcat: Bypass of rules in Rewrite Valve

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...

9.8CVSS6.9AI score0.0418EPSS
Exploits1References4
osv
osv
added 2025/07/09 6:59 p.m.8 views

CLSA-2025-1752087582 Fix CVE(s): CVE-2025-31651

SECURITY UPDATE: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability - debian/patches/CVE-2025-31651.patch: Enforces rewrite rules to preventing bypass of security constraints in specific configurations - CVE-2025-31651...

9.8CVSS7AI score0.0418EPSS
Exploits1References1
osv
osv
added 2025/06/24 5:12 p.m.9 views

CLSA-2025-1750785145 tomcat: Fix of CVE-2025-31651

CVE-2025-31651: enforces rewrite rules to preventing bypass of security constraints in specific configurations...

9.8CVSS7AI score0.0418EPSS
Exploits1References1
osv
osv
added 2025/06/24 4:0 p.m.7 views

CLSA-2025-1750780819 Fix CVE(s): CVE-2025-31651

SECURITY UPDATE: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability - debian/patches/CVE-2025-31651.patch: Enforces rewrite rules to preventing bypass of security constraints in specific configurations - CVE-2025-31651...

9.8CVSS7AI score0.0418EPSS
Exploits1References1
amazon
amazon
added 2025/05/29 12:0 a.m.9 views

Medium: tomcat

Issue Overview: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security...

9.8CVSS6.7AI score0.0418EPSS
Exploits1
amazon
amazon
added 2025/05/13 12:0 a.m.9 views

Important: tomcat10

Issue Overview: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException...

9.8CVSS7.3AI score0.66933EPSS
Exploits6
amazon
amazon
added 2025/05/13 12:0 a.m.9 views

Important: tomcat9

Issue Overview: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException...

9.8CVSS7.3AI score0.66933EPSS
Exploits6
nessus
nessus
added 2025/04/30 12:0 a.m.116 views

Apache Tomcat 9.0.0.M1 < 9.0.104 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.104. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.104security-9 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a...

9.8CVSS7.6AI score0.0418EPSS
Exploits1References7
Rows per page
Query Builder