Lucene search
K

12 matches found

RedHat Linux
RedHat Linux
added 7 hours ago4 views

Important: Red Hat Security Advisory: tomcat9 security, bug fix, and enhancement update

An update for tomcat9 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

7.5CVSS6.2AI score0.15831EPSS
Exploits6References4
RedHat Linux
RedHat Linux
added 7 hours ago3 views

Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass

A flaw was found in Apache Tomcat. This vulnerability, categorized as Missing Encryption of Sensitive Data, arises from a bypass in the EncryptInterceptor, a component designed to ensure data encryption. This bypass, introduced as a fix for CVE-2026-29146, allows sensitive data to remain...

7.5CVSS6.1AI score0.15831EPSS
Exploits6References5
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.8 views

SUSE SLES15 Security Update : tomcat10 (SUSE-SU-2026:1603-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1603-1 advisory. Security fixes: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open...

9.1CVSS8.8AI score0.15831EPSS
Exploits7References32
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.6 views

openSUSE 16 Security Update : tomcat10 (openSUSE-SU-2026:20612-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20612-1 advisory. - Update to Tomcat 10.1.54 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open...

9.1CVSS5.6AI score0.15831EPSS
Exploits7References31
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.5 views

SUSE SLES15 Security Update : tomcat11 (SUSE-SU-2026:1558-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1558-1 advisory. Security fixes: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open...

9.1CVSS8.7AI score0.15831EPSS
Exploits7References32
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.13 views

openSUSE 16 Security Update : tomcat (openSUSE-SU-2026:20611-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20611-1 advisory. - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. -...

9.1CVSS5.6AI score0.15831EPSS
Exploits7References31
OSV
OSV
added 2026/04/22 11:9 a.m.4 views

SUSE-SU-2026:21379-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: - Update to Tomcat 10.1.54 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OC...

9.1CVSS7.4AI score0.15831EPSS
Exploits7References21
OSV
OSV
added 2026/04/22 10:52 a.m.8 views

OPENSUSE-SU-2026:20612-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: - Update to Tomcat 10.1.54 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OC...

9.1CVSS5.3AI score0.15831EPSS
Exploits7References20
OSV
OSV
added 2026/04/22 10:52 a.m.7 views

OPENSUSE-SU-2026:20611-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OCSP checks sometimes soft-fail...

9.1CVSS8.6AI score0.15831EPSS
Exploits7References20
Vulnrichment
Vulnrichment
added 2026/04/09 7:35 p.m.3 views

CVE-2026-34486 Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

5.8AI score0.15831EPSS
Exploits6References1
Apache Tomcat
Apache Tomcat
added 2026/04/04 12:0 a.m.14 views

Fixed in Apache Tomcat 11.0.21

Moderate: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled CVE-2026-34500 CLIENTCERT authentication did not fail as expected for some scenarios when soft fail was disabled and FFM was used. This was fixed with commit c13e60e7. This issue was reported to the Tomcat security...

7.5CVSS5.9AI score0.15831EPSS
Exploits6Affected Software1
Apache Tomcat
Apache Tomcat
added 2026/04/02 12:0 a.m.8 views

Fixed in Apache Tomcat 10.1.54

Moderate: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled CVE-2026-34500 CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used. This was fixed with commit 29b56a56. This issue was reported to the Tomcat security...

7.5CVSS5.9AI score0.15831EPSS
Exploits6Affected Software1
Rows per page
Query Builder