Lucene search
+L

27 matches found

snyk
snyk
•added 2026/06/29 10:23 p.m.•10 views

Improper Authorization

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Improper Authorization due to the improper enforcement of security constraints in the default...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References2
snyk
snyk
•added 2026/06/29 10:23 p.m.•4 views

Missing Critical Step in Authentication

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the JNDIRealm process when configured to authenticate binds using GSSAPI. An attacker can gain unauthorized access by...

9.3CVSS5.8AI score0.00462EPSS
Exploits0References2
nessus
nessus
•added 2026/06/08 12:0 a.m.•16 views

TencentOS Server 4: tomcat (TSSA-2026:0337)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0337 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.1CVSS7.2AI score0.01136EPSS
Exploits1References3
snyk
snyk
•added 2026/05/12 5:22 p.m.•8 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor in WebSocket client during authentication. An attacker can obtain sensitive HTTP authentication headers by initiating a WebSocket handshake with a malicious host...

7.3CVSS5.8AI score0.00548EPSS
Exploits0References2
nessus
nessus
•added 2026/04/10 12:0 a.m.•32 views

Linux Distros Unpatched Vulnerability : CVE-2026-34486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue...

7.5CVSS7.1AI score0.21691EPSS
Exploits6References3
snyk
snyk
•added 2026/04/08 9:0 p.m.•4 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in processOCSPRequest, which is part of the the CLIENTCERT authentication process. In some "edge cases", an attacker can trigger a soft-fail of OCSP checks when soft-fail is disabled. Remediation Upgrade...

8.3CVSS5.8AI score0.00469EPSS
Exploits0References2
nessus
nessus
•added 2026/02/18 12:0 a.m.•17 views

Apache Tomcat 9.0.83 < 9.0.115

The version of Tomcat installed on the remote host is prior to 9.0.115. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.115security-9 advisory. - Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder,...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References2
snyk
snyk
•added 2026/02/16 10:0 p.m.•4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization when using an OCSP responder. OCSP response verification and freshness checks can be bypassed, allowing certificate revocation to be bypassed. Remediation Upgrade org.apache.tomcat:tomcat-coyote-ffm to version...

8.7CVSS5.5AI score0.00498EPSS
Exploits0References2
osv
osv
•added 2026/01/14 1:17 p.m.•4 views

SUSE-SU-2026:20084-1 Security update for tomcat

This update for tomcat fixes the following issues: - Update to Tomcat 9.0.111 - Security fixes: - CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753. - CVE-2025-55754: improper neutralization of Escape, Meta, or Control Sequences vulnerability in Apache...

9.6CVSS7.2AI score0.66535EPSS
Exploits4References7
nessus
nessus
•added 2025/10/28 12:0 a.m.•6 views

Apache Tomcat 9.0.40 < 9.0.109 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.109. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.109security-9 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat...

9.6CVSS6.9AI score0.09917EPSS
Exploits0References4
nessus
nessus
•added 2025/04/01 12:0 a.m.•23 views

Amazon Linux 2 : tomcat (ALASTOMCAT9-2025-016)

The version of tomcat installed on the remote host is prior to 9.0.102-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2025-016 advisory. Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious...

10CVSS9AI score0.99945EPSS
Exploits47References4
nessus
nessus
•added 2025/01/24 12:0 a.m.•38 views

Amazon Linux 2 : tomcat (ALASTOMCAT9-2025-015)

The version of tomcat installed on the remote host is prior to 9.0.98-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2025-015 advisory. Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE...

9.8CVSS7.2AI score0.44312EPSS
Exploits14References10
nessus
nessus
•added 2023/10/18 12:0 a.m.•58 views

Amazon Linux 2 : tomcat (ALASTOMCAT9-2023-010)

The version of tomcat installed on the remote host is prior to 9.0.81-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2023-010 advisory. Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from...

7.5CVSS7.3AI score0.99999EPSS
Exploits21References8
hpe
hpe
•added 2022/11/24 12:0 a.m.•3 views

HPESBMU04392 rev.1 - HPE IceWall Products, Disclosure of Information

Potential Security Impact: Remote: Disclosure of Information SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE IceWall Federation - 4.0 RHEL 8 and Windows - SAML IdP, Office 365 module, OIDC RP and OIDC OP. IceWall Gen11 Password Reset Option - 11.0 RHEL 8 and Windows IceWall...

3.7CVSS6.8AI score0.01912EPSS
Exploits0
vulnrichment
vulnrichment
•added 2022/02/22 10:55 p.m.•7 views

CVE-2022-23612 Directory Traversal in OpenMRS Startup Filter

OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for /images & /initfilter/scripts. This...

7.5CVSS7.6AI score0.01931EPSS
Exploits1References4
ptsecurity
ptsecurity
•added 2022/02/22 12:0 a.m.•9 views

PT-2022-16127

Name of the Vulnerable Software and Affected Versions OpenMRS versions prior to 2.1.5 OpenMRS versions prior to 2.2.1 OpenMRS versions prior to 2.3.5 OpenMRS versions prior to 2.4.5 OpenMRS versions prior to 2.5.3 Description The issue affects OpenMRS, a patient-based medical record system, due t...

7.5CVSS7.2AI score0.01931EPSS
Exploits1References11
atlassian
atlassian
•added 2020/07/17 3:19 p.m.•77 views

Upgrade the bundled version of Apache Tomcat to 8.5.57

h3. Issue Summary The recently disclosed vulnerability regarding Apache Tomcat CVE-2020-13934|https://vulners.com/cve/CVE-2020-13934 affects the following versions: Apache Tomcat 8.x from 8.5.1 to 8.5.56 Apache Tomcat 9.x from 9.0.0.M5 to 9.0.36 Apache Tomcat 10.x from 10.0.0-M1 to 10.0.0-M6...

7.5CVSS7.5AI score0.87553EPSS
Exploits1
atlassian
atlassian
•added 2020/06/29 1:40 p.m.•284 views

Upgrade Tomcat to version 9.0.37

h3. Issue Summary The current version of Tomcat 9.0.33 bundled with Confluence at least up to Confluence version 7.6 is vulnerable to HTTP/2 Denial of Service CVE-2020-11996 https://tomcat.apache.org/security-8.htmlFixedinApacheTomcat9.0.36...

7.5CVSS0.9AI score0.87553EPSS
Exploits17Affected Software1
atlassian
atlassian
•added 2020/01/15 3:29 p.m.•107 views

Upgrade Tomcat to 8.5.50 to fix CVE-2019-17563 & CVE-2019-12418

h3. Issue Summary The recently disclosed vulnerabilities regarding Apache Tomcat CVE-2019-12418|https://vulners.com/cve/CVE-2019-12418 CVE-2019-17563|https://vulners.com/cve/CVE-2019-17563 Which affects the following versions: Apache Tomcat 8.x from 8.5.0 before 8.5.50 We should bundle a more...

7.5CVSS8AI score0.10687EPSS
Exploits0
atlassian
atlassian
•added 2018/08/01 9:33 a.m.•632 views

Upgrade to Tomcat 8.5.32 necessary

There are new vulnerabilities reported by apache: http://mail-archives.us.apache.org/modmbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E http://mail-archives.us.apache.org/modmbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E It is...

7.5CVSS1.6AI score0.94494EPSS
Exploits3Affected Software1
Rows per page
Query Builder