RockyLinux 10 : tomcat (RLSA-2026:19054)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19054 advisory. tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 Tenable has extracted the preceding description blo...

RLSA-2026:19054 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 For more details about the security issues, including the impact, a CVSS...

tomcat security update

An update is available for tomcat. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Page...

Apache Tomcat: Apache Tomcat: Authentication bypass via client certificate misconfiguration

A flaw was found in Apache Tomcat where OCSP-based certificate validation may incorrectly soft-fail during CLIENTCERT authentication, even when soft-fail is disabled, under certain FFM-related execution paths. This can result in client certificates being accepted despite failed or unverifiable...

gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol OCSP response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabl...

Improper Check for Certificate Revocation

Overview Affected versions of this package are vulnerable to Improper Check for Certificate Revocation in the SignatureKey verification process. An attacker can bypass revocation enforcement by presenting a certificate with a revoked SignatureKey, potentially allowing unauthorized access or trust...

Improper Check for Certificate Revocation

Overview Affected versions of this package are vulnerable to Improper Check for Certificate Revocation in the SignatureKey verification process. An attacker can bypass revocation enforcement by presenting a certificate with a revoked SignatureKey, potentially allowing unauthorized access or trust...

Astra Linux - уязвимость в mbedtls

A issue was discovered in Arm Mbed TLS before version 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock...

Amazon Linux 2023 : mount-s3 (ALAS2023-2026-1655)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1655 advisory. A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate...

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation

A flaw was found in Apache Tomcat. When an Online Certificate Status Protocol OCSP responder is used, the Tomcat Native component, and Tomcat's FFM port of the Tomcat Native code, does not properly verify or check the freshness of the OCSP response. This improper input validation vulnerability...

ALSA-2026:19054 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 For more details about the security issues, including the impact, a CVSS...

RHEL 10 : tomcat (RHSA-2026:19054)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19054 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Certificate...

CLSA-2026-1778020314 openssl: Fix of CVE-2026-28388

CVE-2026-28388: fix NULL pointer dereference in checkdeltabase when delta CRL lacks CRL Number extension...

Astra Linux - уязвимость в curl

Curl versions 7.41.0 through 7.73.0 are vulnerable to a flaw related to improper checks for certificate revocation, due to insufficient verification of the OCSP response...

Astra Linux - уязвимость в thunderbird

The OCSP revocation status of recipient certificates was not checked when sending S/MIME encrypted emails. As a result, revoked certificates were accepted. This bug affected Thunderbird versions from 68 to 102.9.1. This vulnerability affects Thunderbird versions earlier than 102.10...

Astra Linux - уязвимость в mbedtls

An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtlsx509crlparseder has a buffer over-read of one byte...

ALPINE-CVE-2026-3832

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol OCSP response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabl...

EUVD-2026-26402

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol OCSP response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabl...

CVE-2026-3832

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol OCSP response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabl...