Lucene search
K

32 matches found

OSV
OSV
added 2026/05/18 1:35 p.m.21 views

CLEANSTART-2026-MR27796 Security fixes for CVE-2022-23181, CVE-2022-29885, CVE-2022-34305, CVE-2022-42252, CVE-2022-45143, CVE-2023-24998, CVE-2023-28708, CVE-2025-31650, CVE-2025-31651 applied in versions: 10.1.53-r0, 9.0.58-r0, 9.0.63-r0, 9.0.64-r0, 9.0.68-r0, 9.0.70-r0, 9.0.71-r0, 9.0.73-r0, 9.0.80-r0

Multiple security vulnerabilities affect the tomcat10 package. These issues are resolved in later releases. See references for individual vulnerability details...

9.8CVSS7.5AI score0.73139EPSS
Exploits27References19
Ubuntu
Ubuntu
added 2024/08/01 8:25 p.m.58 views

USN-6943-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS CVE-2020-9484 It was discovered that Tomcat...

7.5CVSS7.6AI score0.73139EPSS
Exploits20
Tenable Nessus
Tenable Nessus
added 2024/08/01 12:0 a.m.30 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Tomcat vulnerabilities (USN-6943-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6943-1 advisory. It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. ...

7.5CVSS7.6AI score0.73139EPSS
Exploits20References6
Tenable Nessus
Tenable Nessus
added 2024/07/12 12:0 a.m.33 views

RHEL 6 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: EncryptInterceptor documentation mistake CVE-2022-29885 - tomcat: Open Redirect vulnerability in...

7.5CVSS8.2AI score0.73139EPSS
Exploits7References4
Tenable Nessus
Tenable Nessus
added 2024/07/12 12:0 a.m.29 views

RHEL 9 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: EncryptInterceptor documentation mistake CVE-2022-29885 - tomcat: JsonErrorReportValve injection...

7.5CVSS8.2AI score0.73139EPSS
Exploits7References6
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.24 views

RHEL 9 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tomcat: Fix for CVE-2023-24998 was incomplete CVE-2023-28709 Note that Nessus has not tested for this issue but has...

7.5CVSS7.2AI score0.51547EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.36 views

RHEL 7 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: Information Disclosure when using VirtualDirContext CVE-2017-12616 - When using the RemoteIpFilte...

7.5CVSS7.3AI score0.708EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.25 views

RHEL 8 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: EncryptInterceptor documentation mistake CVE-2022-29885 - The HTTP/2 implementation in Apache...

8.1AI score0.73139EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.34 views

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-005)

The version of tomcat installed on the remote host is prior to 8.5.79-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-005 advisory. A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux,...

9.8CVSS7.8AI score0.99677EPSS
Exploits107References6
Mageia
Mageia
added 2023/04/15 7:3 p.m.142 views

Updated tomcat packages fix security vulnerability

Information disclosure due to concurrency bug CVE-2021-43980 Fix for CVE-2020-9484 introduced a time of check, time of use vulnerability CVE-2022-23181 Correct documentation to warn of use over untrusted networks. CVE-2022-29885 Correct documentation showing use of XSS vulnerability. CVE-2022-343...

7.5CVSS6.7AI score0.73139EPSS
Exploits21References12
Packet Storm
Packet Storm
added 2023/04/06 12:0 a.m.380 views

Apache Tomcat 10.1 Denial Of Service

Exploit Title: Apache Tomcat 10.1 - Denial Of Service Google Dork: N/A Date: 13/07/2022 Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/download-10.cgi Version: = 10.1 Tested on: Apache Tomcat 10.0 Docker CVE :...

7.5CVSS7.7AI score0.73139EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.392 views

Apache Tomcat 10.1 - Denial Of Service

Exploit Title: Apache Tomcat 10.1 - Denial Of Service Google Dork: N/A Date: 13/07/2022 Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/download-10.cgi Version: = 10.1 Tested on: Apache Tomcat 10.0 Docker CVE :...

7.5CVSS7AI score0.73139EPSS
Exploits5
0day.today
0day.today
added 2023/04/05 12:0 a.m.384 views

Apache Tomcat 10.1 - Denial Of Service Exploit

Exploit Title: Apache Tomcat 10.1 - Denial Of Service Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/download-10.cgi Version: = 10.1 Tested on: Apache Tomcat 10.0 Docker CVE : CVE-2022-29885 CVE Owner: 4ra1n Exploit...

7.5CVSS7.7AI score0.73139EPSS
Exploits5
F5 Networks
F5 Networks
added 2023/02/21 6:49 p.m.228 views

K47096851: Apache Tomcat vulnerability CVE-2022-29885

Security Advisory Description The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the...

7.5CVSS8.6AI score0.73139EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2022/10/30 12:0 a.m.58 views

Debian DSA-5265-1 : tomcat9 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5265 advisory. - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the...

7.5CVSS7.3AI score0.73139EPSS
Exploits20References11
Debian
Debian
added 2022/10/29 9:59 p.m.74 views

[SECURITY] [DSA 5265-1] tomcat9 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5265-1 [email protected] https://www.debian.org/security/ Markus Koschany October 29, 2022 https://www.debian.org/security/faq -...

7.5CVSS7.5AI score0.73139EPSS
Exploits20
Debian
Debian
added 2022/10/26 12:16 p.m.81 views

[SECURITY] [DLA 3160-1] tomcat9 security update

Debian LTS Advisory DLA-3160-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 26, 2022 https://wiki.debian.org/LTS Package : tomcat9 Version : 9.0.31-1deb10u7 CVE ID : CVE-2021-43980 CVE-2022-23181 CVE-2022-29885 Several security vulnerabilities have been...

7.5CVSS6.7AI score0.73139EPSS
Exploits20
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/21 5:17 a.m.47 views

Security Bulletin: IBM Rational Build Forge is vulnerable to a denial of service due to use of Apache Tomcat server (CVE-2022-29885).

Summary Apache Tomcat is used by IBM Rational Build Forge. This fix includes Apache Http Server 9.0.64. Vulnerability Details CVEID:CVE-2022-29885 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an use-after-free flaw in theEncryptInterceptor in an untrusted network. By...

7.5CVSS7.4AI score0.73139EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/18 3:30 p.m.48 views

Security Bulletin: IBM UrbanCode Build is vulnerable to denial of service due to use of Apache Tomcat (CVE-2022-29885).

Summary Apache Tomcat is used by IBM UrbanCode Build. This fix includes Apache Tomcat 8.5.79. Vulnerability Details CVEID:CVE-2022-29885 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an use-after-free flaw in theEncryptInterceptor in an untrusted network. By sending a...

7.5CVSS7.4AI score0.73139EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/18 3:25 p.m.45 views

Security Bulletin: IBM UrbanCode Release is vulnerable to a denial of service due to use of Apache Tomcat CVE-2022-29885

Summary Apache Tomcat is used by IBM UrbanCode Release. This fix includes Apache Tomcat 8.5.79. Vulnerability Details CVEID:CVE-2022-29885 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an use-after-free flaw in theEncryptInterceptor in an untrusted network. By sending...

7.5CVSS7.4AI score0.73139EPSS
Exploits5Affected Software1
Rows per page
Query Builder