Lucene search
K

104 matches found

Cvelist
Cvelist
added 5 hours ago7 views

CVE-2026-59083 Apache Tomcat: Incorrect URL decoding in RewriteValve may allow security control bypass

Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.0.M1 through 9.0.119, from 8.5.0...

Exploits0References1
EUVD
EUVD
added 5 hours ago5 views

EUVD-2026-43638

Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.0.M1 through 9.0.119, from 8.5.0...

6.1AI score
Exploits0References1
CVE
CVE
added 5 hours ago11 views

CVE-2026-59083

Summary: CVE-2026-59083 affects Apache Tomcat due to an improper handling of URL encoding (hex encoding) in the RewriteValve , enabling a security constraint bypass under certain configurations. Affected versions: Tomcat 11.0.0-M1 through 11.0.23, 10.1.0-M1 through 10.1.56, 9.0.0.M1 through 9.0.1...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/06 4:18 p.m.5 views

BIT-TOMCAT-2026-53404 Apache Tomcat: Bad ornext processing in RewriteValve

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0...

7.3CVSS5.9AI score0.00413EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/07/01 3:15 a.m.4 views

SUSE CVE-2026-53404

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS5.9AI score0.00413EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/30 3:1 a.m.12 views

CVE-2026-53404

A flaw was found in Apache Tomcat's rewrite valve. This vulnerability involves an incorrect control flow implementation where, during the processing of rewrite rules, if the first condition in an OR chain matched, subsequent non-OR conditions were unexpectedly skipped. This can lead to unintended...

7.3CVSS5.7AI score0.00413EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53404

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent...

7.3CVSS6AI score0.00413EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 9:16 p.m.7 views

DEBIAN-CVE-2026-53404

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

7.3CVSS5.7AI score0.00413EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 9:16 p.m.22 views

CVE-2026-53404

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

7.3CVSS0.00413EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 9:16 p.m.5 views

UBUNTU-CVE-2026-53404

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

7.3CVSS5.7AI score0.00413EPSS
Exploits0References7
CVE
CVE
added 2026/06/29 8:39 p.m.97 views

CVE-2026-53404

Apache Tomcat vulnerability CVE-2026-53404 describes an Always-Incorrect Control Flow in the RewriteValve. If the first condition in an OR chain matches, subsequent non-OR conditions may be skipped, altering rule evaluation. Affected versions include Tomcat 11.0.0-M1–11.0.22, 10.1.0-M1–10.1.55, 9...

7.3CVSS5.7AI score0.00413EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/29 8:39 p.m.8 views

CVE-2026-53404

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

7.3CVSS5.7AI score0.00413EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:39 p.m.5 views

CVE-2026-53404

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

5.7AI score0.00413EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/29 8:39 p.m.51 views

CVE-2026-53404 Apache Tomcat: Bad ornext processing in RewriteValve

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

0.00413EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 8:39 p.m.4 views

CVE-2026-53404 Apache Tomcat: Bad ornext processing in RewriteValve

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

7.3CVSS5.9AI score0.00413EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53741

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Description An incorrect control flow implementation...

7.3CVSS5.7AI score0.00413EPSS
Exploits0References20
OSV
OSV
added 2026/05/29 4:3 p.m.11 views

RLSA-2026:18537 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Security constraint bypass for CGI scripts CVE-2025-46701 org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve...

6.5CVSS7AI score0.09917EPSS
Exploits1References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Tomcat9

A Session Fixation vulnerability exists in Apache Tomcat through the rewrite valve. This issue affects Apache Tomcat: versions from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, and from 9.0.0.M1 through 9.0.105. Older, end-of-life versions may also be affected. Users are recommended ...

6.5CVSS5.3AI score0.00775EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 1:41 p.m.14 views

org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve

A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will...

6.5CVSS6.5AI score0.00775EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/19 1:41 p.m.16 views

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.6CVSS7AI score0.09917EPSS
Exploits1References6
Rows per page
Query Builder