27 matches found
Improper Authorization
Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Improper Authorization due to the improper enforcement of security constraints in the default...
Missing Critical Step in Authentication
Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the JNDIRealm process when configured to authenticate binds using GSSAPI. An attacker can gain unauthorized access by...
TencentOS Server 4: tomcat (TSSA-2026:0337)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0337 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Exposure of Private Personal Information to an Unauthorized Actor
Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor in WebSocket client during authentication. An attacker can obtain sensitive HTTP authentication headers by initiating a WebSocket handshake with a malicious host...
Linux Distros Unpatched Vulnerability : CVE-2026-34486
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in processOCSPRequest, which is part of the the CLIENTCERT authentication process. In some "edge cases", an attacker can trigger a soft-fail of OCSP checks when soft-fail is disabled. Remediation Upgrade...
Apache Tomcat 9.0.83 < 9.0.115
The version of Tomcat installed on the remote host is prior to 9.0.115. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.115security-9 advisory. - Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder,...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization when using an OCSP responder. OCSP response verification and freshness checks can be bypassed, allowing certificate revocation to be bypassed. Remediation Upgrade org.apache.tomcat:tomcat-coyote-ffm to version...
SUSE-SU-2026:20084-1 Security update for tomcat
This update for tomcat fixes the following issues: - Update to Tomcat 9.0.111 - Security fixes: - CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753. - CVE-2025-55754: improper neutralization of Escape, Meta, or Control Sequences vulnerability in Apache...
Apache Tomcat 9.0.40 < 9.0.109 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.109. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.109security-9 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat...
Amazon Linux 2 : tomcat (ALASTOMCAT9-2025-016)
The version of tomcat installed on the remote host is prior to 9.0.102-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2025-016 advisory. Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious...
Amazon Linux 2 : tomcat (ALASTOMCAT9-2025-015)
The version of tomcat installed on the remote host is prior to 9.0.98-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2025-015 advisory. Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE...
Amazon Linux 2 : tomcat (ALASTOMCAT9-2023-010)
The version of tomcat installed on the remote host is prior to 9.0.81-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2023-010 advisory. Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from...
HPESBMU04392 rev.1 - HPE IceWall Products, Disclosure of Information
Potential Security Impact: Remote: Disclosure of Information SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE IceWall Federation - 4.0 RHEL 8 and Windows - SAML IdP, Office 365 module, OIDC RP and OIDC OP. IceWall Gen11 Password Reset Option - 11.0 RHEL 8 and Windows IceWall...
CVE-2022-23612 Directory Traversal in OpenMRS Startup Filter
OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for /images & /initfilter/scripts. This...
PT-2022-16127
Name of the Vulnerable Software and Affected Versions OpenMRS versions prior to 2.1.5 OpenMRS versions prior to 2.2.1 OpenMRS versions prior to 2.3.5 OpenMRS versions prior to 2.4.5 OpenMRS versions prior to 2.5.3 Description The issue affects OpenMRS, a patient-based medical record system, due t...
Upgrade the bundled version of Apache Tomcat to 8.5.57
h3. Issue Summary The recently disclosed vulnerability regarding Apache Tomcat CVE-2020-13934|https://vulners.com/cve/CVE-2020-13934 affects the following versions: Apache Tomcat 8.x from 8.5.1 to 8.5.56 Apache Tomcat 9.x from 9.0.0.M5 to 9.0.36 Apache Tomcat 10.x from 10.0.0-M1 to 10.0.0-M6...
Upgrade Tomcat to version 9.0.37
h3. Issue Summary The current version of Tomcat 9.0.33 bundled with Confluence at least up to Confluence version 7.6 is vulnerable to HTTP/2 Denial of Service CVE-2020-11996 https://tomcat.apache.org/security-8.htmlFixedinApacheTomcat9.0.36...
Upgrade Tomcat to 8.5.50 to fix CVE-2019-17563 & CVE-2019-12418
h3. Issue Summary The recently disclosed vulnerabilities regarding Apache Tomcat CVE-2019-12418|https://vulners.com/cve/CVE-2019-12418 CVE-2019-17563|https://vulners.com/cve/CVE-2019-17563 Which affects the following versions: Apache Tomcat 8.x from 8.5.0 before 8.5.50 We should bundle a more...
Upgrade to Tomcat 8.5.32 necessary
There are new vulnerabilities reported by apache: http://mail-archives.us.apache.org/modmbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E http://mail-archives.us.apache.org/modmbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E It is...