Apache Tomcat Examples Web Application - Cross-Site Scripting

Apache Tomcat 8.5.50 to 8.5.81, 9.0.30 to 9.0.64, 10.0.0-M1 to 10.0.22, and 10.1.0-M1 to 10.1.0-M16 contain a reflected cross-site scripting caused by displaying unfiltered user data in the Form authentication example, letting attackers execute scripts in victim browsers, exploit requires attacke...

ROS-20260605-73-0028

The vulnerability in Tomcat is related to manipulating an unknown input, resulting in a time mismatch. Exploiting this vulnerability can allow an attacker who operates remotely to gain unauthorized access to protected information...

ROS-20260605-73-0030

The vulnerability in Tomcat11 is related to manipulating an unknown input, resulting in a time mismatch. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

Apache Tomcat: Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension

A flaw was found in Apache Tomcat. A remote attacker could exploit an inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, by sending a specially crafted request with an invalid chunk extension. This vulnerability allows an attacker to manipulate the way HTTP...

Astra Linux - уязвимость в tomcat9

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26, or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers by setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat would not reject requests containing an invalid Content-Length header. This...

Astra Linux - уязвимость в tomcat9

Improper resource shutdown or release vulnerabilities in Apache Tomcat. If an error occurs including exceeding limits during the processing of a multipart upload, temporary copies of the uploaded parts stored on the disk are not deleted immediately but are left for the garbage collection process ...

Astra Linux - уязвимость в tomcat9

A vulnerability exists in the improper encoding or escaping of output in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: versions from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, and from 9.0.40 through 9.0.116. Users are recommended to upgrade ...

Astra Linux - уязвимость в tomcat9

There is a vulnerability in Apache Tomcat known as “Allocation of Resources Without Limits or Throttling”. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, and from 9.0.13 through 9.0.89. The following versions were already discontinued...

Astra Linux - уязвимость в tomcat9

The issue involves a vulnerability in the generation of error messages containing sensitive information in Apache Tomcat. This issue affects Apache Tomcat versions starting from 8.5.7 through 8.5.63, and from 9.0.0-M11 through 9.0.43. Other, end-of-life versions may also be affected. It is...

Astra Linux - уязвимость в tomcat9

When responding to new H2C connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, and 8.5.0 to 8.5.61 may duplicate request headers and a limited amount of request body from one request to another. This means that user A and user B may both see the results of user A’...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar Vulnerability Details CVEID:CVE-2026-24880 DESCRIPTION: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This...

SUSE CVE-2026-41284

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are recommended to upgrade ...

Linux Distros Unpatched Vulnerability : CVE-2026-43513

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from...

EUVD-2026-29519

Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from...

Apache Tomcat - HTTP/2 request headers not validated

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: HTTP/2 request headers were not validated which may have triggered unexpected application behaviour if the...

DEBIAN-CVE-2026-43513

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions...

DEBIAN-CVE-2026-41293

Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions may also be affected. Users are recommended to...

CVE-2026-43515

The CVE-2026-43515 issue is an Improper Authorization flaw in Apache Tomcat caused by multiple method constraints defining the HTTP method for the same extension. Affected versions include Tomcat 11.0.0-M1–11.0.21, 10.1.0-M1–10.1.54, 9.0.0.M1–9.0.117, 8.5.0–8.5.100, and 7.0.0–7.0.109. Mitigation ...

CVE-2026-43512 Apache Tomcat: Digest authenticator will authenticate any unknown user

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported...

PT-2026-40072

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.21 Apache Tomcat versions 10.1.0-M1 through 10.1.54 Apache Tomcat versions 9.0.0.M1 through 9.0.117 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions 7.0.0 through 7.0.109...