28 matches found
Important: Red Hat Security Advisory: tomcat security update
An update for tomcat is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Security Bulletin: Multiple vulnerabilities in IBM DevOps Solution Workbench
Summary Multiple vulnerabilities were addressed in IBM DevOps Solution Workbench version 5.1. Vulnerability Details CVEID:CVE-2025-46701 DESCRIPTION: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that...
Security Bulletin: IBM Watson Discovery Catridge affected by vulnerability in tomcat-embed-core-10.1.35.jar
Summary IBM Watson Discovery Catridge contains a vulnerable version of tomcat-embed-core-10.1.35.jar Vulnerability Details CVEID:CVE-2025-46701 DESCRIPTION: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints...
Atlassian Jira Service Management Data Center and Server 5.12.x < 5.12.24 / 10.3.x < 10.3.7 / 10.6.x < 10.7.0 (JSDSERVER-16311)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16311 advisory. - Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security...
Debian: Security Advisory (DLA-4244-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2025:02280-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2025:02261-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2025:02261-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2025:02280-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02280-1 advisory. - CVE-2025-46701: Fixed refactor CGI servlet to access resources via WebResources bsc1243815. - CVE-2025-48988: Fixe...
Security update for tomcat
This update for tomcat fixes the following issues: CVE-2025-46701: Fixed refactor CGI servlet to access resources via WebResources bsc1243815. CVE-2025-48988: Fixed limits the total number of parts in a multi-part request and limits the size of the headers provided with each part bsc1244656...
SUSE: Security Advisory (SUSE-SU-2025:02214-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2025:02214-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02214-1 advisory. - CVE-2025-46701: Refactored CGI servlet to access resources via WebResources bsc1243815. - CVE-2025-48988: Limited the total number of parts ...
Photon OS 4.0: Apache PHSA-2025-4.0-0823
An update of the apache package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0823. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Medium: tomcat9
Issue Overview: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, fr...
Medium: tomcat10
Issue Overview: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, fr...
Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2025-1030)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1030 advisory. Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the...
Amazon Linux 2 : tomcat (ALASTOMCAT9-2025-019)
The version of tomcat installed on the remote host is prior to 9.0.105-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2025-019 advisory. Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of...
Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2025-1031)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1031 advisory. Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the...
OESA-2025-1641 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: A vulnerability was found in...
Mageia: Security Advisory (MGASA-2025-0177)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...