47 matches found
CVE-2026-29129 Apache Tomcat: TLS cipher order is not preserved
Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue...
Use of a Broken or Risky Cryptographic Algorithm
Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm which may arise due to improper preservation of the configured cipher preference order. An attacker who can...
PT-2026-31698
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.16 through 11.0.18 Apache Tomcat versions 10.1.51 through 10.1.52 Apache Tomcat versions 9.0.114 through 9.0.115 Description An issue exists in Apache Tomcat where the configured cipher preference order is not...
Fixed in Apache Tomcat 10.1.53
Moderate: The fix forCVE-2025-66614 was incomplete CVE-2026-32990 The validation of SNI name and host name did not take account of possible differences in case allowing the strict SNI checks to be bypassed. This was fixed with commit 4d0615a5. This issue was reported to the Tomcat security team o...
Fixed in Apache Tomcat 11.0.20
Moderate: The fix forCVE-2025-66614 was incomplete CVE-2026-32990 The validation of SNI name and host name did not take account of possible differences in case allowing the strict SNI checks to be bypassed. This was fixed with commit 021d1f83. This issue was reported to the Tomcat security team o...
Fixed in Apache Tomcat 9.0.116
Moderate: The fix forCVE-2025-66614 was incomplete CVE-2026-32990 The validation of SNI name and host name did not take account of possible differences in case allowing the strict SNI checks to be bypassed. This was fixed with commit 95f77782. This issue was reported to the Tomcat security team o...
openSUSE Security Update : lighttpd (openSUSE-SU-2012:0240-1)
This update of lighttpd fixes an out-of-bounds read due to a signedness error which could cause a Denial of Service CVE-2011-4362. Additionally an option was added to honor the server cipher order resolves lighttpd2364. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...