Exploit for Missing Encryption of Sensitive Data in Apache Tomcat

CVE-2026-34486-Tribes Apache Tomcat Tribes cluster communicat...

Exploit for Missing Encryption of Sensitive Data in Apache Tomcat

CVE-2026-34486 — Apache Tomcat EncryptInterceptor RCE Apa...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the form of Kubernetes bearer tokens being printed in logs of the cloud membership for clustering module. Remediation Upgrade org.apache.tomcat:tomcat-tribes to version 9.0.117, 10.1.5...

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data in the EncryptInterceptor's messageReceived method. An attacker can gain unauthorized access to sensitive data by bypassing EncryptInterceptor to intercept unencrypted communications. Note: This is d...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the EncryptInterceptor class, which defaults to CBC mode. An attacker can obtain sensitive information via padding oracle. Remediation Upgrade org.apache.tomcat:tomcat-tribes to versio...