
80 matches found

OSV
added 2026/06/10 6:44 a.m. | 5 views

USN-8417-1 tomcat9, tomcat10 vulnerabilities

It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could use this issue to cause Tomcat to consume excessive memory, resulting in a denial of service. CVE-2026-41284 It was discovered that Tomcat incorrectly validated HTTP/2...

CVSS 9.8 | AI score 7.7 | EPSS 0.0078
Exploits: 1 | References: 7

Debian
added 2026/06/06 10:30 p.m. | 7 views

[SECURITY] [DLA 4619-1] tomcat9 security update

Debian LTS Advisory DLA-4619-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany June 07, 2026 https://wiki.debian.org/LTS Package : tomcat9 Version : 9.0.118-0+deb11u1 CVE ID : CVE-2026-24880 CVE-2026-25854 CVE-2026-29129 CVE-2026-29145 CVE-2026-29146 CVE-2026-3299...

CVSS 9.8 | AI score 7 | EPSS 0.03645
Exploits: 3

Tenable Nessus
added 2026/06/06 12:0 a.m. | 7 views

Debian dla-4619 : libtomcat9-embed-java - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4619 advisory. Debian LTS Advisory DLA-4619-1 [email protected]...

CVSS 9.8 | AI score 7.1 | EPSS 0.03645
Exploits: 3 | References: 34

OPENSUSE Linux
added 2026/06/05 12:0 a.m. | 6 views

tomcat-9.0.118-1.1 on GA media (moderate)

tomcat-9.0.118-1.1 on GA media Announcement ID: openSUSE-SU-2026:10925-1 Rating: moderate Cross-References: CVE-2026-41284 CVE-2026-41293 CVE-2026-42498 CVE-2026-43512 CVE-2026-43513 CVE-2026-43514 CVE-2026-43515 CVSS scores: CVE-2026-41284 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H...

CVSS 8.7 | AI score 6.5 | EPSS 0.0078
Exploits: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 18 views

Astra Linux - vulnerability in tomcat9

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, or 7.0.0 to 7.0.107, the Tomcat instance was still vulnerable to CVE-2020-9494, even when using a configuration edge case that was highly unlikely to be used. It should be...

CVSS 7 | AI score 6.7 | EPSS 0.09491
Exploits: 15 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in tomcat9

Improper handling of exceptional conditions, and uncontrolled resource consumption vulnerabilities in Apache Tomcat. When processing an HTTP/2 stream, Tomcat failed to correctly handle some cases of excessive HTTP headers. This resulted in an incorrect count of active HTTP/2 streams, leading to t...

CVSS 7.5 | AI score 6.8 | EPSS 0.04602
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in tomcat9

There is a vulnerability in Apache Tomcat known as “Allocation of Resources Without Limits or Throttling”. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, and from 9.0.0.M1 through 9.0.105. The following versions were already discontinued E...

CVSS 7.5 | AI score 6.8 | EPSS 0.53228
Exploits: 1 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in tomcat9

DoS attack due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeds any of the configured limits for headers, the associated HTTP/2 stream is not reset until all headers have been processed. This issue affects...

CVSS 7.5 | AI score 7.1 | EPSS 0.23072
Exploits: 1 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in tomcat9

Apache Tomcat versions 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43, and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop, resulting in a denial of...

CVSS 7.5 | AI score 6.9 | EPSS 0.06687
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in tomcat9

There is a vulnerability related to observable timing discrepancies when comparing AJP secrets in Apache Tomcat. This issue affects Apache Tomcat versions as follows: 11.0.0-M1 through 11.0.21, 10.1.0-M1 through 10.1.54, 9.0.0.M1 through 9.0.117, 8.5.0 through 8.5.100, and 7.0.0 through 7.0.109...

CVSS 3.7 | AI score 5.7 | EPSS 0.00365
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in tomcat9

The simplified implementation of blocking reads and writes introduced in Tomcat 10, and backported to Tomcat 9.0.47 and later versions, exposed a long-standing but extremely difficult to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60, and...

CVSS 3.7 | AI score 6.8 | EPSS 0.01632
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in tomcat9, libcommons-fileupload-java

Apache Commons FileUpload before version 1.5 does not limit the number of request parts that can be processed, which allows an attacker to trigger a DoS attack with a malicious upload or series of uploads. It should be noted that, like all file upload limitations, the new configuration option...

CVSS 7.5 | AI score 6.5 | EPSS 0.46836
Exploits: 1 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in tomcat9

In some unusual configurations of multipart uploads, an Integer Overflow vulnerability in Apache Tomcat can lead to a Denial-of-Service attack by bypassing size limits. This issue affects Apache Tomcat versions as follows: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, and from...

CVSS 7.5 | AI score 7.3 | EPSS 0.0196
Exploits: 0 | References: 2

OSV
added 2026/05/19 10:6 a.m. | 4 views

RHSA-2026:18536 Red Hat Security Advisory: tomcat9 security update

Bulletin has no description...

CVSS 6.5 | AI score 7.1 | EPSS 0.09244
Exploits: 1 | References: 25

Tenable Nessus
added 2026/05/19 12:0 a.m. | 4 views

RHEL 10 : tomcat9 (RHSA-2026:18536)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18536 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages...

CVSS 9.6 | AI score 7 | EPSS 0.09244
Exploits: 1 | References: 11

OSV
added 2026/05/18 1:47 p.m. | 2 views

CLEANSTART-2026-UZ56639 Security fixes for CVE-2022-23181, CVE-2022-29885, CVE-2022-34305, CVE-2022-42252, CVE-2022-45143, CVE-2023-24998, CVE-2023-28708 applied in versions: 9.0.58-r0, 9.0.63-r0, 9.0.64-r0, 9.0.68-r0, 9.0.70-r0, 9.0.71-r0, 9.0.73-r0, 9.0.80-r0

Multiple security vulnerabilities affect the tomcat9 package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 7.5 | AI score 6.8 | EPSS 0.71653
Exploits: 21 | References: 15

AstraLinux
added 2026/05/03 11:59 p.m. | 6 views

Astra Linux – Vulnerability in libcommons-fileupload-java, tomcat9

The allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: versions from 1.0 before 1.6, and from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to version 1...

CVSS 7.5 | AI score 6.9 | EPSS 0.63258
Exploits: 1 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux – Vulnerability in Tomcat9

Apache Tomcat versions 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46, and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances, which could lead to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored t...

CVSS 5.3 | AI score 7.2 | EPSS 0.75353
Exploits: 1 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m. | 1 view

Astra Linux – Vulnerability in Tomcat9

The vulnerability involving uncontrolled resource consumption in the Apache Tomcat-based example web applications leads to a denial-of-service attack. This issue affects Apache Tomcat versions as follows: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, and from 9.0.0.M1 through...

CVSS 5.3 | AI score 6.8 | EPSS 0.01881
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | 6 views

Astra Linux – Vulnerabilities in nghttp2, netty, tomcat9, jetty9, grpc

The HTTP/2 protocol allows a denial of service (server resource consumption), because request cancellation can quickly reset many streams, as exploited in practice from August to October 2023...

CVSS 7.5 | AI score 7 | EPSS 0.99999
Exploits: 19 | References: 2