7162 matches found
CVE-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method
Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
CVE-2026-55955
CVE-2026-55955 describes an improper authentication flaw in Apache Tomcat’s EncryptionInterceptor for Tribes clustering, allowing a replay attack. Affected versions include Tomcat 11.0.0-M1–11.0.22, 10.1.0-M1–10.1.55, 9.0.13–9.0.18, 8.5.38–8.5.100, and 7.0.100–7.0.109. Remediation is to upgrade t...
CVE-2026-55955
Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, fro...
CVE-2026-55955 Apache Tomcat: EncryptInterceptor not protected against replay attacks
Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, fro...
CVE-2026-55276
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
CVE-2026-55276 Apache Tomcat: Logged effective web.xml is incomplete
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
CVE-2026-55276
Apache Tomcat vulnerability CVE-2026-55276 is a logging-only issue caused by an always-incorrect control flow in the effective web.xml, leading to special roles and empty authorization constraints not being shown. Affected products include Tomcat 8.5.0–8.5.100, 9.0.0.M1–9.0.118, 10.1.0-M1–10.1.55...
CVE-2026-53434
Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version...
CVE-2026-53404
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
CVE-2026-53404 Apache Tomcat: Bad ornext processing in RewriteValve
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
CVE-2026-50229
CVE-2026-50229 describes an XSS flaw in the Apache Tomcat “number guess” example. Affected versions include Tomcat 11.0.0-M1–11.0.22, 10.1.0-M1–10.1.55, 9.0.0.M1–9.0.118, 8.5.0–8.5.100, and 7.0.0–7.0.109. The root cause is improper neutralization of script-related HTML tags in that example web pa...
CVE-2026-50229
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...
PT-2026-53745
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions 7.0.0 through 7.0.109...
PT-2026-53741
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Description An incorrect control flow implementation...
PT-2026-53740
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions 7.0.0 through 7.0.109...
Security Bulletin: Vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat. Vulnerabilities include an authorization bypass, providing the power necessary to let users build semantic templates, allowing arbitrary code to be...
Security Bulletin: Vulnerabilities in Spring Security, Apache Tomcat, Netty, Lodash, Spring Framework and Node.js might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Apache Tomcat, Netty, Lodash, Spring Framework and Node.js. Vulnerabilities include the authentication, authorization, and other security controls being rendered inactive on intended requests,...
ROOT-APP-MAVEN-CVE-2025-49125 CVE-2025-49125 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root
Root has patched CVE-2025-49125 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Apache Tomcat has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: The Apache Tomcat application server that is shipped with IBM ApplinX is vulnerable to multiple vulnerabilities.
Summary The Apache Tomcat application server that is shipped with IBM ApplinX is vulnerable to multiple vulnerabiltiies CVE-2026-29146, CVE-2026-34487, CVE-2026-24880, CVE-2026-25854, CVE-2026-29129, CVE-2026-29145, CVE-2026-32990, CVE-2026-34483, CVE-2026-34500, CVE-2026-41284, CVE-2026-41293,...