Amazon Linux 2 : tomcat (ALASTOMCAT9-2025-016)

The version of tomcat installed on the remote host is prior to 9.0.102-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2025-016 advisory. Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious...

Amazon Linux 2 : tomcat (ALASTOMCAT9-2025-015)

The version of tomcat installed on the remote host is prior to 9.0.98-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2025-015 advisory. Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE...

Amazon Linux 2 : tomcat (ALASTOMCAT9-2023-010)

The version of tomcat installed on the remote host is prior to 9.0.81-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2023-010 advisory. Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from...

Upgrade the bundled version of Apache Tomcat to 8.5.57

h3. Issue Summary The recently disclosed vulnerability regarding Apache Tomcat CVE-2020-13934|https://vulners.com/cve/CVE-2020-13934 affects the following versions: Apache Tomcat 8.x from 8.5.1 to 8.5.56 Apache Tomcat 9.x from 9.0.0.M5 to 9.0.36 Apache Tomcat 10.x from 10.0.0-M1 to 10.0.0-M6...

[SECURITY] CVE-2013-4322 Incomplete fix for CVE-2012-3544 (Denial of Service)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-4322 Incomplete fix for CVE-2012-3544 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 8.0.0-RC1 to 8.0.0-RC5 - - Apache Tomcat 7.0.0 to 7.0.47 - - Apache Tomcat 6.0.0 to 6.0.37...