480 matches found
CVE-2026-25854
Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...
CVE-2026-25854 Apache Tomcat: Occasionally open redirect
Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...
CVE-2026-25854
CVE-2026-25854 is an Open Redirect vulnerability in Apache Tomcat caused by the LoadBalancerDrainingValve. Affected versions include Tomcat 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M23 through 9.0.115, and 8.5.30 through 8.5.100. The issue allows occasional redirection to untru...
Open Redirect
Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Open Redirect via the LoadBalancerDrainingValve.invoke function. When the LoadBalancerDrainingValve is in the disabled draining state, an attacker can redirect...
Open Redirect
Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Open Redirect via the LoadBalancerDrainingValve.invoke function. When the LoadBalancerDrainingValve is in the disabled draining stat...
Improper Encoding or Escaping of Output
Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in JsonAccessLogValve, which relies on an unescaped append in generating JSON logs. If non-default values are used for th...
PT-2026-31697
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M23 through 9.0.115, and 8.5.30 through 8.5.100. Description An open redirect issue exists in Apache Tomcat due to a flaw in the LoadBalancerDrainingValve. This...
SUSE-SU-2026:0877-1 Security update for tomcat11
This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation...
org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve
A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will...
org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve
A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will...
tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...
tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...
tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...
RHEL 8 : pki-deps:10.6 (RHSA-2026:2726)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2726 advisory. The Public Key Infrastructure PKI Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: tomcat: Apache...
RHEL 9 : pki-servlet-engine (RHSA-2026:0292)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0292 advisory. Tomcat is the servlet engine that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. T...
RHEL 9 : pki-servlet-engine (RHSA-2026:0293)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0293 advisory. Tomcat is the servlet engine that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. T...
MiracleLinux 8 : tomcat-9.0.87-1.el8_10.7 (AXSA:2025-11520:09)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11520:09 advisory. tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve CVE-2025-31651 tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversa...
CVE-2020-7950
meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call...
CVE-2020-7951
meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption...
tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...