Lucene search
K

7158 matches found

RedHat Linux
RedHat Linux
added 2026/05/26 12:59 p.m.11 views

Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve

A flaw was found in Apache Tomcat. This open redirect vulnerability allows an attacker to redirect a user to an untrusted site. This occurs through the LoadBalancerDrainingValve, which can be exploited to manipulate URL redirection. The primary impact is that users may be unknowingly directed to...

6.1CVSS6.3AI score0.00526EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/26 12:59 p.m.13 views

Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve

A flaw was found in the JsonAccessLogValve component of Apache Tomcat. This improper encoding or escaping of output vulnerability could allow an attacker to inject specially crafted data into log files. This could lead to information disclosure or other unintended consequences when the logs are...

7.5CVSS7AI score0.00461EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/26 12:59 p.m.16 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS7.2AI score0.03494EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/26 12:55 p.m.19 views

Apache Tomcat: Apache Tomcat: Authentication bypass due to CLIENT_CERT soft fail misconfiguration

A flaw was found in Apache Tomcat and Apache Tomcat Native. When CLIENTCERT authentication is configured with "soft fail" disabled, the authentication process may not correctly fail in certain scenarios. This vulnerability could allow an attacker to bypass expected client certificate...

9.1CVSS5.8AI score0.00715EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/26 12:55 p.m.13 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS7.2AI score0.03494EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/26 12:55 p.m.21 views

Apache Tomcat: Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension

A flaw was found in Apache Tomcat. A remote attacker could exploit an inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, by sending a specially crafted request with an invalid chunk extension. This vulnerability allows an attacker to manipulate the way HTTP...

7.5CVSS5.8AI score0.00453EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.13 views

Astra Linux – Vulnerability in Tomcat9

Apache Tomcat has a Relative Path Traversal vulnerability. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before being decoded. This created the possibility that, for rewrite rules that modify query parameters into the URL, an attacker could manipulate the...

7.5CVSS7.3AI score0.66535EPSS
Exploits4References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Tomcat9

Occasional URL redirection to untrusted sites is a vulnerability in Apache Tomcat, caused by the LoadBalancerDrainingValve mechanism. This issue affects Apache Tomcat versions as follows: - 11.0.0-M1 through 11.0.18 - 10.1.0-M1 through 10.1.52 - 9.0.0.M23 through 9.0.115 - 8.5.30 through 8.5.100...

6.1CVSS6.2AI score0.00526EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Tomcat9

There is a vulnerability related to improper input validation in Apache Tomcat. Tomcat did not restrict HTTP/0.9 requests to only the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, users could bypass this constraint on GET requests by...

6.5CVSS7.5AI score0.00494EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Tomcat9

DoS attack due to a vulnerability related to incomplete cleanup in Apache Tomcat. WebSocket clients were able to keep WebSocket connections open, leading to increased resource consumption. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18,...

6.3CVSS7.1AI score0.02313EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux - уязвимость в tomcat9

There is a vulnerability in Apache Tomcat known as “Allocation of Resources Without Limits or Throttling”. This issue affects Apache Tomcat versions ranging from 11.0.0-M1 to 11.0.21, from 10.1.0-M1 to 10.1.54, and from 9.0.0.M1 to 9.0.117. Older, unsupported versions may also be affected. It is...

7.5CVSS5.7AI score0.0078EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux - уязвимость в tomcat9

There is a vulnerability related to improper input validation in Apache Tomcat. This issue affects Apache Tomcat versions as follows: 11.0.0-M1 through 11.0.21, 10.1.0-M1 through 10.1.54, 9.0.0.M1 through 9.0.117, and 10.0.0-M1 through 10.0.27. Older, end-of-support versions may also be affected...

9.8CVSS5.7AI score0.01339EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux - уязвимость в tomcat9

DEPRECATED: There is a vulnerability related to authentication bypass in digest authentication in Apache Tomcat. This issue affects Apache Tomcat versions as follows: 11.0.0-M1 through 11.0.21, 10.1.0-M1 through 10.1.54, 9.0.0.M1 through 9.0.117, 8.5.0 through 8.5.100, and versions prior to 7.0.0...

9.8CVSS5.7AI score0.01233EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux - уязвимость в tomcat9

CLIENTCERT authentication does not fail as expected in some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: versions from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, and from 9.0.92 through 9.0.116. Users are recommended to...

6.5CVSS5.8AI score0.00469EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Tomcat9

The Padding Oracle vulnerability exists in Apache Tomcat’s EncryptInterceptor with the default configuration. This issue affects Apache Tomcat versions as follows: 11.0.0-M1 through 11.0.18, 10.0.0-M1 through 10.1.52, 9.0.13 through 9.0.115, 8.5.38 through 8.5.100, and 7.0.100 through 7.0.109...

7.5CVSS5.8AI score0.03494EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Tomcat9

There is a vulnerability related to improper input validation in Apache Tomcat. In versions of Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82, and from 8.5.0 through 8.5.95, HTTP trailer headers were not parsed correctly. A trailer header th...

7.5CVSS6.9AI score0.02651EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 1:41 p.m.13 views

org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation

An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...

9.6CVSS7.3AI score0.09917EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/19 1:41 p.m.13 views

org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve

A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will...

6.5CVSS6.5AI score0.00775EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/19 1:41 p.m.20 views

tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

7.3CVSS7.3AI score0.02736EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/19 1:26 p.m.14 views

tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation

A flaw was found in Apache Tomcat. When an Online Certificate Status Protocol OCSP responder is used, the Tomcat Native component, and Tomcat's FFM port of the Tomcat Native code, does not properly verify or check the freshness of the OCSP response. This improper input validation vulnerability...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References5
Rows per page
Query Builder