GHSA-5M62-PW8W-7W9F Apache Tomcat - Security constraints not correctly applied

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: When multiple security constraints defined an HTTP method constraint for the same extension pattern, only the...

Medium: tomcat

Issue Overview: Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceeding limits during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage...

EUVD-2018-0522

Malware in sbrugna...

SUSE CVE-2025-55668

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 ...

Exploit for Deserialization of Untrusted Data in Apache Tomcat

利用条件 + DefaultServlet 写入功能启用：需在 web.xml 中配置 readonly=false...

Important: tomcat

Issue Overview: Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn l...

PT-2021-5289 · Apache +2 · Apache Tomcat +2

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 8.5.60 through 8.5.71 Apache Tomcat versions 9.0.40 through 9.0.53 Apache Tomcat versions 10.0.0-M1 through 10.0.11 Apache Tomcat versions 10.1.0-M1 through 10.1.0-M5 Description: The issue is related to a memory leak i...

Apache Tomcat Exploit Poised to Pounce, Stealing Files

A vulnerability in the popular Apache Tomcat web server is ripe for active attack, thanks to a proof-of-concept PoC exploit making an appearance on GitHub. The now-patched bug affects Tomcat versions 7.0, 8.5 and 9.0. According to Flashpoint analysts Cheng Lu and Steven Ouellette, an exploit for...

Apache Tomcat AJP RCE Vulnerability (Ghostcat) - Active Check

Apache Tomcat is prone to a remote code execution RCE vulnerability in the AJP connector dubbed SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

Apache Tomcat 'CORS Filter' Setting Security Bypass Vulnerability

Apache Tomcat is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...