CVE-2026-43515

Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from...

USN-8383-1 tomcat6, tomcat7 vulnerabilities

It was discovered that Tomcat incorrectly handled digest authentication. A remote attacker could possibly use this issue to bypass authentication restrictions. CVE-2026-43512 It was discovered that Tomcat incorrectly handled case sensitivity in LockOutRealm. A remote attacker could possibly use...

Apache Tomcat - Cross-Site Scripting

Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be prese...

Apache Tomcat Tribes EncryptInterceptor Bypass - Remote Code Execution

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. id: CVE-2026-34486 info: name: Apache Tomcat Tribes EncryptInterceptor Bypass - Remote...

Apache Tomcat Examples Web Application - Cross-Site Scripting

Apache Tomcat 8.5.50 to 8.5.81, 9.0.30 to 9.0.64, 10.0.0-M1 to 10.0.22, and 10.1.0-M1 to 10.1.0-M16 contain a reflected cross-site scripting caused by displaying unfiltered user data in the Form authentication example, letting attackers execute scripts in victim browsers, exploit requires attacke...

Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure

Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true...

Apache Tomcat 4.x-7.x - Cross-Site Scripting

Apache Tomcat 4.x through 7.x contains a cross-site scripting vulnerability which an attacker can use to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. id: CVE-2007-2449 info: name: Apache Tomcat 4.x-7.x - Cross-Site Scripting author:...

Security Bulletin: Vulnerabilities in tomcat affects IBM Netezza Appliance

Summary The tomcat package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-31651,CVE-2025-55752 Vulnerability Details CVEID:CVE-2025-31651 DESCRIPTION: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat...

Apache Tomcat - HTTP Request Smuggling

Apache Tomcat from versions 8.5.0 to 8.5.93, 9.0.0-M1 to 9.0.81, 10.1.0-M1 to 10.1.13, and 11.0.0-M1 to 11.0.0-M11 contain an improper input validation caused by incorrect parsing of HTTP trailer headers, letting attackers craft headers to cause request smuggling, exploit requires sending malicio...

Jakarta Tomcat 3.1 and 3.0 - Information Disclosure

Jakarta Tomcat 3.1 and 3.0 under Apache contain a vulnerability in the Snoop servlet that reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension, exploit requires remote access. id: CVE-2000-0760 info: name: Jakarta Tomcat 3.1 and 3.0 -...

RockyLinux 10 : tomcat (RLSA-2026:19054)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19054 advisory. tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 Tenable has extracted the preceding description blo...

RockyLinux 10 : tomcat (RLSA-2026:18537)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18537 advisory. tomcat: Apache Tomcat: Security constraint bypass for CGI scripts CVE-2025-46701 org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session...

USN-8369-1: Apache Tomcat Connectors vulnerability

It was discovered that Apache Tomcat Connectors used incorrect default permissions for shared memory on Unix-like systems. A local attacker could possibly use this issue to view or modify modjk configuration data in shared memory, resulting in sensitive information exposure or a denial of service...

ROOT-APP-MAVEN-CVE-2025-31650 CVE-2025-31650 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root

Root has patched CVE-2025-31650 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-34487 CVE-2026-34487 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root

Root has patched CVE-2026-34487 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2025-55752 CVE-2025-55752 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root

Root has patched CVE-2025-55752 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-43513 CVE-2026-43513 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root

Root has patched CVE-2026-43513 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-43515 CVE-2026-43515 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root

Root has patched CVE-2026-43515 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2025-61795 CVE-2025-61795 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root

Root has patched CVE-2025-61795 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-25854 CVE-2026-25854 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root

Root has patched CVE-2026-25854 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...