Lucene search
K

46 matches found

osv
osv
added 2026/05/18 1:35 p.m.21 views

CLEANSTART-2026-MR27796 Security fixes for CVE-2022-23181, CVE-2022-29885, CVE-2022-34305, CVE-2022-42252, CVE-2022-45143, CVE-2023-24998, CVE-2023-28708, CVE-2025-31650, CVE-2025-31651 applied in versions: 10.1.53-r0, 9.0.58-r0, 9.0.63-r0, 9.0.64-r0, 9.0.68-r0, 9.0.70-r0, 9.0.71-r0, 9.0.73-r0, 9.0.80-r0

Multiple security vulnerabilities affect the tomcat10 package. These issues are resolved in later releases. See references for individual vulnerability details...

9.8CVSS7.5AI score0.73139EPSS
Exploits27References19
ibm
ibm
added 2025/03/26 3:39 a.m.124 views

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-25220 DESCRIPTION: ISC BIND could allow a remote attacker to bypass...

7.5CVSS9.6AI score0.0325EPSS
Exploits1Affected Software1
openvas
openvas
added 2024/07/09 12:0 a.m.33 views

Ubuntu: Security Advisory (USN-6880-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.01448EPSS
Exploits0References2
nessus
nessus
added 2023/09/27 12:0 a.m.32 views

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-002)

The version of tomcat installed on the remote host is prior to 8.5.79-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT8.5-2023-002 advisory. If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore...

7.5CVSS7.1AI score0.01448EPSS
Exploits0References4
nessus
nessus
added 2023/09/27 12:0 a.m.22 views

Amazon Linux 2 : tomcat, --advisory ALAS2TOMCAT9-2023-005 (ALASTOMCAT9-2023-005)

The version of tomcat installed on the remote host is prior to 9.0.65-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2023-005 advisory. The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards...

3.7CVSS6.9AI score0.01912EPSS
Exploits0References4
amazon
amazon
added 2023/09/25 12:0 a.m.5 views

Important: tomcat

Issue Overview: If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat did not reject a request containing an invalid Content-Length...

7.5CVSS7AI score0.01448EPSS
Exploits0
ibm
ibm
added 2023/06/13 8:57 p.m.25 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTTP request smuggling in Apache Tomcat (CVE-2022-42252).

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTTP request smuggling in Apache Tomcat caused by the failure to reject a request containing an invalid Content-Length header when configured to ignore invalid HTTP headers via setting rejectIllegalHeader to...

7.5CVSS7.2AI score0.01448EPSS
Exploits0Affected Software1
mageia
mageia
added 2023/04/15 7:3 p.m.142 views

Updated tomcat packages fix security vulnerability

Information disclosure due to concurrency bug CVE-2021-43980 Fix for CVE-2020-9484 introduced a time of check, time of use vulnerability CVE-2022-23181 Correct documentation to warn of use over untrusted networks. CVE-2022-29885 Correct documentation showing use of XSS vulnerability. CVE-2022-343...

7.5CVSS6.7AI score0.73139EPSS
Exploits21References12
redhat
redhat
added 2023/04/12 12:30 p.m.45 views

Low: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.2 release and security update

An update is now available for Red Hat JBoss Web Server 5.7.2 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS6.7AI score0.02505EPSS
Exploits0References3
nessus
nessus
added 2023/04/12 12:0 a.m.37 views

RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.2 (RHSA-2023:1663)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1663 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...

7.5CVSS7.2AI score0.02505EPSS
Exploits0References7
openvas
openvas
added 2023/04/11 12:0 a.m.21 views

Debian: Security Advisory (DLA-3384-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.6AI score0.01831EPSS
Exploits0References4
debian
debian
added 2023/04/05 8:7 p.m.49 views

[SECURITY] [DSA 5381-1] tomcat9 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5381-1 [email protected] https://www.debian.org/security/ Markus Koschany April 05, 2023 https://www.debian.org/security/faq -...

7.5CVSS7.8AI score0.02505EPSS
Exploits0
debian
debian
added 2023/04/05 7:47 p.m.43 views

[SECURITY] [DLA 3384-1] tomcat9 security update

Debian LTS Advisory DLA-3384-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany April 05, 2023 https://wiki.debian.org/LTS Package : tomcat9 Version : 9.0.31-1deb10u8 CVE ID : CVE-2022-42252 CVE-2023-28708 Debian Bug : 1033475 Two security vulnerabilities have been...

7.5CVSS6.7AI score0.01831EPSS
Exploits0
ibm
ibm
added 2023/03/29 1:48 a.m.53 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in Apache Tomcat affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2022-42252 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid...

7.5CVSS7.5AI score0.01448EPSS
Exploits0Affected Software10
f5
f5
added 2023/03/28 6:56 a.m.36 views

K000133224: Apache Tomcat vulnerability CVE-2022-42252

Security Advisory Description If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat did not reject a request containing an invalid...

7.5CVSS7.3AI score0.01448EPSS
Exploits0
amazon
amazon
added 2023/03/22 12:0 a.m.6 views

Important: tomcat9

Issue Overview: If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat did not reject a request containing an invalid Content-Length...

7.5CVSS7.7AI score0.01448EPSS
Exploits0
openvas
openvas
added 2023/02/09 12:0 a.m.26 views

Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2023-1341)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.01448EPSS
Exploits0References2
nessus
nessus
added 2023/02/08 12:0 a.m.39 views

EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2023-1341)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers...

7.5CVSS7.1AI score0.01448EPSS
Exploits0References2
ibm
ibm
added 2023/01/20 4:15 p.m.72 views

Security Bulletin: IBM UrbanCode Release is affected by CVE-2022-42252

Summary IBM UrbanCode Release is affected by CVE-2022-42252 Vulnerability Details CVEID:CVE-2022-42252 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid Content-Length header when configured to ignore invalid HTTP...

7.5CVSS7.2AI score0.01448EPSS
Exploits0Affected Software1
ibm
ibm
added 2023/01/20 4:11 p.m.33 views

Security Bulletin: IBM UrbanCode Release is affected by CVE-2022-42252

Summary IBM UrbanCode Release is affected by CVE-2022-42252 Vulnerability Details CVEID:CVE-2021-43980 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a long standing concurrency flaw in the simplified implementation of blocking reads and writes...

7.5CVSS5.9AI score0.01912EPSS
Exploits0Affected Software1
Rows per page
Query Builder