Lucene search
K

480 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/09 7:13 p.m.7 views

CVE-2026-25854

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...

5.8AI score0.00526EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/09 7:13 p.m.44 views

CVE-2026-25854 Apache Tomcat: Occasionally open redirect

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...

0.00526EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 7:13 p.m.222 views

CVE-2026-25854

CVE-2026-25854 is an Open Redirect vulnerability in Apache Tomcat caused by the LoadBalancerDrainingValve. Affected versions include Tomcat 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M23 through 9.0.115, and 8.5.30 through 8.5.100. The issue allows occasional redirection to untru...

6.1CVSS5.8AI score0.00526EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/04/08 9:0 p.m.3 views

Open Redirect

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Open Redirect via the LoadBalancerDrainingValve.invoke function. When the LoadBalancerDrainingValve is in the disabled draining state, an attacker can redirect...

6.1CVSS5.8AI score0.00526EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 9:0 p.m.4 views

Open Redirect

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Open Redirect via the LoadBalancerDrainingValve.invoke function. When the LoadBalancerDrainingValve is in the disabled draining stat...

6.1CVSS5.8AI score0.00526EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 9:0 p.m.6 views

Improper Encoding or Escaping of Output

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in JsonAccessLogValve, which relies on an unescaped append in generating JSON logs. If non-default values are used for th...

7.5CVSS5.8AI score0.00461EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.9 views

PT-2026-31697

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M23 through 9.0.115, and 8.5.30 through 8.5.100. Description An open redirect issue exists in Apache Tomcat due to a flaw in the LoadBalancerDrainingValve. This...

9.1CVSS5.8AI score0.21691EPSS
Exploits8References84
OSV
OSV
added 2026/03/12 5:39 a.m.7 views

SUSE-SU-2026:0877-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation...

9.1CVSS5.6AI score0.00498EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/02/16 6:57 p.m.2 views

org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve

A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will...

6.5CVSS5.7AI score0.00775EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/02/16 6:55 p.m.2 views

org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve

A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will...

6.5CVSS5.7AI score0.00775EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/02/16 12:4 p.m.5 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

9.8CVSS5.7AI score0.0418EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/02/16 11:56 a.m.5 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

9.8CVSS5.7AI score0.0418EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/02/16 11:27 a.m.4 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

9.8CVSS5.7AI score0.0418EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/02/16 12:0 a.m.12 views

RHEL 8 : pki-deps:10.6 (RHSA-2026:2726)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2726 advisory. The Public Key Infrastructure PKI Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: tomcat: Apache...

9.8CVSS5.7AI score0.66535EPSS
Exploits5References6
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.10 views

RHEL 9 : pki-servlet-engine (RHSA-2026:0292)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0292 advisory. Tomcat is the servlet engine that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. T...

9.8CVSS8AI score0.66535EPSS
Exploits5References6
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.9 views

RHEL 9 : pki-servlet-engine (RHSA-2026:0293)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0293 advisory. Tomcat is the servlet engine that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. T...

9.8CVSS8AI score0.66535EPSS
Exploits5References6
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.9 views

MiracleLinux 8 : tomcat-9.0.87-1.el8_10.7 (AXSA:2025-11520:09)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11520:09 advisory. tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve CVE-2025-31651 tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversa...

9.8CVSS7.9AI score0.66535EPSS
Exploits5References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:59 a.m.5 views

CVE-2020-7950

meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call...

7.8CVSS7.6AI score0.01907EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:58 a.m.6 views

CVE-2020-7951

meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption...

7.8CVSS7.6AI score0.01868EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/01/08 7:28 a.m.14 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

9.8CVSS7.2AI score0.0418EPSS
Exploits1References5
Rows per page
Query Builder