Lucene search
+L

177 matches found

RedhatCVE
RedhatCVE
added 2026/07/08 2:47 p.m.4 views

CVE-2026-55956

A flaw was found in Apache Tomcat where access control rules for the default servlet are improperly handled. An attacker can exploit this issue to bypass specific HTTP method restrictions, potentially gaining unauthorized access to protected application resources. Mitigation Review your...

6.5CVSS5.9AI score0.0041EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 4:18 p.m.4 views

BIT-TOMCAT-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0...

6.5CVSS5.9AI score0.0041EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/07/01 3:15 a.m.4 views

SUSE CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS5.9AI score0.0041EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/29 10:23 p.m.10 views

Improper Authorization

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Improper Authorization due to the improper enforcement of security constraints in the default...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 9:16 p.m.17 views

CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS0.0041EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 9:16 p.m.6 views

DEBIAN-CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS5.7AI score0.0041EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 8:46 p.m.125 views

CVE-2026-55956

CVE-2026-55956 is an improper authorization vulnerability in Apache Tomcat. The issue causes the security constraints configured for the default servlet to ignore certain methods or method omissions, potentially bypassing intended access controls. Affected product ranges include Tomcat versions 1...

6.5CVSS5.7AI score0.0041EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/29 8:46 p.m.6 views

CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS5.7AI score0.0041EPSS
Exploits0
OSV
OSV
added 2026/06/29 8:46 p.m.3 views

CVE-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS5.9AI score0.0041EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 8:46 p.m.51 views

CVE-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

0.0041EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53745

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions 7.0.0 through 7.0.109...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References39
Apache Tomcat
Apache Tomcat
added 2026/06/23 12:0 a.m.9 views

Fixed in Apache Tomcat 9.0.119

Moderate: Security constraints for default servlet ignored method CVE-2026-55956 If security constraints were specified for the default servlet, any method or method omission configured as part of the constraint was ignored. This was fixed with commit a0374c45. This issue was reported to the Tomc...

9.1CVSS6.1AI score0.02569EPSS
Exploits1Affected Software1
Apache Tomcat
Apache Tomcat
added 2026/06/22 12:0 a.m.7 views

Fixed in Apache Tomcat 10.1.56

Moderate: Security constraints for default servlet ignored method CVE-2026-55956 If security constraints were specified for the default servlet, any method or method omission configured as part of the constraint was ignored. This was fixed with commit 9c3b1efb. This issue was reported to the Tomc...

9.1CVSS6.1AI score0.02569EPSS
Exploits1Affected Software1
Apache Tomcat
Apache Tomcat
added 2026/06/22 12:0 a.m.6 views

Fixed in Apache Tomcat 11.0.23

Moderate: Security constraints for default servlet ignored method CVE-2026-55956 If security constraints were specified for the default servlet, any method or method omission configured as part of the constraint was ignored. This was fixed with commit 3f6bd2ba. This issue was reported to the Tomc...

9.1CVSS6.1AI score0.02569EPSS
Exploits1Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.19 views

Astra Linux – Vulnerability in Tomcat9

The “Time-of-check Time-of-use” TOCTOU race condition vulnerability during JSP compilation in Apache Tomcat allows for a race condition on case-insensitive file systems when the default servlet is enabled for writing not in the default configuration. This issue affects Apache Tomcat versions from...

9.8CVSS8.4AI score0.44312EPSS
Exploits13References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.24 views

Astra Linux – Vulnerability in Tomcat9

Path Equivalence: The path ‘file.Name’ Internal Dot leads to remote code execution, information disclosure, and the addition of malicious content to uploaded files via the write-enabled default servlet in Apache Tomcat. This issue affects Apache Tomcat versions as follows: - 11.0.0-M1 through...

10CVSS7.4AI score0.99945EPSS
Exploits47References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in Jetty9

In Eclipse Jetty versions 9.2.26 and earlier, 9.3.25 and earlier, as well as 9.4.15 and earlier, the server is vulnerable to XSS attacks if a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is configured to display a listing of directory contents...

6.1CVSS6.8AI score0.09591EPSS
Exploits0References1
NVD
NVD
added 2026/01/27 9:15 a.m.9 views

CVE-2026-24824

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacysearchserver source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacysearchserver...

6.9CVSS0.00318EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/27 9:1 a.m.4 views

CVE-2026-24824

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacysearchserver source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacysearchserver...

6.9CVSS5.9AI score0.00318EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/27 9:1 a.m.35 views

CVE-2026-24824 A XSS in yacy/yacy_search_server

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacysearchserver source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacysearchserver...

6.9CVSS0.00318EPSS
Exploits0References1
Rows per page
Query Builder