Important: tomcat

Issue Overview: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or...

RHEL 7 : apache-commons-beanutils (RHSA-2025:10814)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10814 advisory. The Apache Commons BeanUtils library provides utility methods for accessing and modifying properties of arbitrary JavaBeans. Security Fixes:...

Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2025-1065)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1065 advisory. Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before...

Amazon Linux 2 : tomcat (ALAS-2025-2920)

The version of tomcat installed on the remote host is prior to 7.0.76-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2920 advisory. Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload...

Amazon Linux 2 : apache-commons-io (ALAS-2025-2927)

The version of apache-commons-io installed on the remote host is prior to 2.4-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2927 advisory. Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader clas...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in commons-io-2.8.0.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of commons-io-2.8.0.jar Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consu...

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to Apache Commons IO.

Summary Security Bulletin:IBM Sterling External Authentication Server is vulnerable to Apache Commons IO. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may...

RHSA-2025:10548 Red Hat Security Advisory: apache-commons-vfs security update

Bulletin has no description...

DoS (Denial of Service) Third-Party Dependency in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.4.0, 9.5.0, 9.6.0, 10.0.0, 10.1.0, 10.2.0, and 11.0.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

apache-commons-vfs: Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT

A flaw was found in Apache Commons VFS. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains...

Moderate: Red Hat Security Advisory: apache-commons-vfs security update

An update for apache-commons-vfs is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RHEL 7 : apache-commons-vfs (RHSA-2025:10548)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10548 advisory. Commons VFS provides a single API for accessing various different file systems. It presents a uniform view of the files from various different...

Security Bulletin: IBM QRadar SIEM protocol is affected by Denial of Service and Security Restriction Bypass

Summary Apache Commons Compress and Apache HttpClient are affected by Denial of Service and Security Restriction Bypass. Attackers could potentially disrupt services or bypass security controls to access sensitive information. These issues have been addressed with an update. Vulnerability Details...

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.8.1. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU...

RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.8 Security update (Important) (RHSA-2025:10453)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10453 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...

apache-commons-fileupload-1.6.0-1.1 on GA media (moderate)

apache-commons-fileupload-1.6.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15208-1 Rating: moderate Cross-References: CVE-2025-48976 CVSS scores: CVE-2025-48976 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-48976 SUSE : 8.7...

Security Bulletin: IBM Integration Designer is vulnerable to improper access control (CVE-2025-48734)

Summary Vulnerability in Apache Commons BeanUtils used by IBM Integration Designer. IBM Integration Designer has addressed CVE-2025-48734. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in...