181 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-55956
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission...
Apache Tomcat 10.1.0.M1 < 10.1.39
The version of Tomcat installed on the remote host is prior to 10.1.39. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.39security-10 advisory. - Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to...
CVE-2026-55957
Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...
Astra Linux – Vulnerability in Tomcat9
Improper neutralization of escape, meta, or control sequence vulnerabilities in Apache Tomcat. For a subset of uncommon rewrite rule configurations, it was possible for a specially crafted request to bypass certain rewrite rules. If those rewrite rules effectively enforced security constraints,...
K000161603: Apache Tomcat vulnerability CVE-2026-32990
Security Advisory Description Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to versio...
Astra Linux – Vulnerability in Tomcat9
A vulnerability exists in the improper encoding or escaping of output in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, and from 9.0.40 through 9.0.116. Users are recommended to upgrade t...
Astra Linux - уязвимость в tomcat9
There is a vulnerability in Apache Tomcat known as “Allocation of Resources Without Limits or Throttling”. This issue affects Apache Tomcat versions ranging from 11.0.0-M1 to 11.0.21, from 10.1.0-M1 to 10.1.54, and from 9.0.0.M1 to 9.0.117. Older, unsupported versions may also be affected. It is...
Astra Linux – Vulnerability in Tomcat9
In Apache Tomcat versions 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64, and 8.5.50 to 8.5.81, the Form authentication example in the sample web application displayed user-provided data without filtering, exposing an XSS vulnerability...
Astra Linux – Vulnerability in Tomcat9
There is a vulnerability in Apache Tomcat related to uncontrolled resource consumption, especially when an HTTP/2 client does not acknowledge the initial settings frame that reduces the maximum number of concurrent streams allowed. This issue affects Apache Tomcat versions as follows: from...
SUSE CVE-2026-43514
Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versio...
GHSA-5M62-PW8W-7W9F Apache Tomcat - Security constraints not correctly applied
Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: When multiple security constraints defined an HTTP method constraint for the same extension pattern, only the...
GHSA-9M89-8FRQ-C98C Apache Tomcat - AJP secret compared in non-constant time
Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: The AJP secret was compared in non-constant time allowing an attacker on the local network to mount a timing...
Allocation of Resources Without Limits or Throttling
Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the WebDAV LOCK and PROPFIND XML request bodies. An attacker can cause excessive resource consumption by...
Improper Authentication
Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Authentication when DIGEST authentication is configured. An attacker can gain unauthorized access by providing any unknown...
CVE-2026-43513
Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions...
Apache Tomcat 安全漏洞
Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page JSP technologies. Security vulnerabilities exist in versions of Apache Tomcat ranging from 11.0.0-M1 to 11.0.21, from 10.1.0-M1 to 10.1.54, from...
Unity Linux 20.1060e / 20.1070e Security Update: tomcat (UTSA-2026-017616)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017616 advisory. The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration...
CVE-2026-40075
OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the /openmrs/moduleResources/moduleid endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from...
CVE-2026-40075
OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the /openmrs/moduleResources/moduleid endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from...
CVE-2026-40075
OpenMRS Core <2.8.6 and 2.8.0–2.8.5 exposes a path traversal in ModuleResourcesServlet (/openmrs/moduleResources/{moduleid}) due to unsafe path construction without normalization, allowing unauthenticated reading of arbitrary files (e.g., /etc/passwd). Tomcat