Lucene search
K

19 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.8 views

AlmaLinux 9 : tomcat (ALSA-2026:26323)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:26323 advisory. tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 Tenable has extracted the preceding description block...

7.5CVSS7.3AI score0.00498EPSS
Exploits0References3
OSV
OSV
added 2026/06/17 12:3 p.m.4 views

RLSA-2026:26323 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 For more details about the security issues, including the impact, a CVSS...

7.4CVSS5.4AI score0.00498EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.7 views

RockyLinux 9 : tomcat (RLSA-2026:26323)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26323 advisory. tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 Tenable has extracted the preceding description bloc...

7.5CVSS5.4AI score0.00498EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/16 1:59 p.m.7 views

tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation

A flaw was found in Apache Tomcat. When an Online Certificate Status Protocol OCSP responder is used, the Tomcat Native component, and Tomcat's FFM port of the Tomcat Native code, does not properly verify or check the freshness of the OCSP response. This improper input validation vulnerability...

7.5CVSS6.4AI score0.00498EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/16 1:59 p.m.7 views

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References2
AlmaLinux
AlmaLinux
added 2026/06/16 12:0 a.m.4 views

Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 For more details about the security issues, including the impact, a CVSS...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References4
OSV
OSV
added 2026/06/16 12:0 a.m.4 views

ALSA-2026:26323 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 For more details about the security issues, including the impact, a CVSS...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.7 views

RHEL 9 : tomcat (RHSA-2026:26323)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26323 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Certificate...

7.5CVSS5.4AI score0.00498EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.9 views

RockyLinux 10 : tomcat (RLSA-2026:19054)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19054 advisory. tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 Tenable has extracted the preceding description blo...

7.5CVSS6.7AI score0.00498EPSS
Exploits0References3
OSV
OSV
added 2026/05/19 12:0 a.m.14 views

ALSA-2026:19054 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 For more details about the security issues, including the impact, a CVSS...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.9 views

RHEL 10 : tomcat (RHSA-2026:19054)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19054 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Certificate...

7.5CVSS7.3AI score0.00498EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/08 11:25 p.m.9 views

SUSE CVE-2026-32144

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in publickey:pkixocspvalidate/5 does not verify that a CA-designated responder certificate...

8.1CVSS5.8AI score0.002EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/03/25 4:52 p.m.12 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.1 release and security update

Red Hat JBoss Web Server 6.2.1 is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives ...

7.5CVSS5.8AI score0.00498EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/03/25 4:44 p.m.7 views

tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation

A flaw was found in Apache Tomcat. When an Online Certificate Status Protocol OCSP responder is used, the Tomcat Native component, and Tomcat's FFM port of the Tomcat Native code, does not properly verify or check the freshness of the OCSP response. This improper input validation vulnerability...

7.5CVSS5.7AI score0.00498EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.3 views

RHEL 10 / 8 / 9 : Red Hat JBoss Web Server 6.2.1 (RHSA-2026:5611)

The remote Redhat Enterprise Linux 10 / 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5611 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...

7.5CVSS5.9AI score0.00498EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/17 9:31 p.m.15 views

Apache Tomcat has an Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...

7.5CVSS5.7AI score0.00498EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2026/02/17 6:53 p.m.115 views

CVE-2026-24734

CVE-2026-24734 is an Improper Input Validation vulnerability affecting Apache Tomcat Native and Apache Tomcat itself. When using an OCSP responder, Tomcat Native (and the Tomcat Native FFM port) may not perform verification or freshness checks on OCSP responses, potentially allowing certificate r...

7.5CVSS5.4AI score0.00498EPSS
Exploits0References10Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.3 views

SUSE CVE-2010-0731

The gnutlsx509crtgetserial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1readvalue with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list CRL check and cau...

7.5CVSS8.8AI score0.02944EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.3 views

SUSE CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...

6.5CVSS9.6AI score0.04575EPSS
Exploits1References137
Rows per page
Query Builder