Lucene search
K

72 matches found

OSV
OSV
added 2026/04/13 4:1 p.m.3 views

BIT-TOMCAT-2026-29146 Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0 through 11.0.18, from 10.0.0 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are recommended t...

7.5CVSS5.8AI score0.0504EPSS
Exploits1References8
OSV
OSV
added 2026/04/13 5:53 a.m.6 views

BIT-TOMCAT-2026-34486 Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

7.5CVSS5.8AI score0.21691EPSS
Exploits6References7
OSV
OSV
added 2026/04/12 5:23 a.m.7 views

MGASA-2026-0095 Updated tomcat packages fix security vulnerabilities

Request smuggling via invalid chunk extension. CVE-2026-24880 Occasionally open redirect. CVE-2026-25854 TLS cipher order is not preserved. CVE-2026-29129 OCSP checks sometimes soft-fail even when soft-fail is disabled. CVE-2026-29145 EncryptInterceptor vulnerable to padding oracle attack by...

9.1CVSS5.8AI score0.21691EPSS
Exploits8References12
SUSE CVE
SUSE CVE
added 2026/04/10 11:26 p.m.10 views

SUSE CVE-2026-29146

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

7.5CVSS5.8AI score0.0504EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2026/04/10 7:7 a.m.7 views

CVE-2026-29146

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS5AI score0.0504EPSS
Exploits1References4
OSV
OSV
added 2026/04/09 9:31 p.m.5 views

GHSA-69R9-QGR7-G2WJ Apache Tomcat Missing Encryption of Sensitive Data vulnerability

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

7.5CVSS5.8AI score0.21691EPSS
Exploits6References12
EUVD
EUVD
added 2026/04/09 9:31 p.m.5 views

EUVD-2026-21012

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

5.8AI score0.0504EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/09 9:31 p.m.6 views

Apache Tomcat: Padding Oracle vulnerability in EncryptInterceptor

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

7.5CVSS5.8AI score0.0504EPSS
Exploits1References11Affected Software2
NVD
NVD
added 2026/04/09 8:16 p.m.4 views

CVE-2026-34486

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

7.5CVSS0.21691EPSS
Exploits6References16
OSV
OSV
added 2026/04/09 8:16 p.m.3 views

DEBIAN-CVE-2026-29146

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

7.5CVSS5.6AI score0.0504EPSS
Exploits1References1
NVD
NVD
added 2026/04/09 8:16 p.m.6 views

CVE-2026-29146

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

7.5CVSS0.0504EPSS
Exploits1References17
OSV
OSV
added 2026/04/09 8:16 p.m.9 views

UBUNTU-CVE-2026-29146

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

7.5CVSS5.8AI score0.0504EPSS
Exploits1References4
OSV
OSV
added 2026/04/09 8:16 p.m.17 views

UBUNTU-CVE-2026-34486

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

7.5CVSS5.8AI score0.21691EPSS
Exploits6References3
UbuntuCve
UbuntuCve
added 2026/04/09 8:16 p.m.6 views

CVE-2026-34486

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

7.5CVSS5.8AI score0.21691EPSS
Exploits6References2
Cvelist
Cvelist
added 2026/04/09 7:35 p.m.30 views

CVE-2026-34486 Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

0.21691EPSS
Exploits6References1
Vulnrichment
Vulnrichment
added 2026/04/09 7:35 p.m.3 views

CVE-2026-34486 Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

5.8AI score0.21691EPSS
Exploits6References1
Debian CVE
Debian CVE
added 2026/04/09 7:35 p.m.5 views

CVE-2026-34486

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

7.5CVSS5.6AI score0.21691EPSS
Exploits6
ATTACKERKB
ATTACKERKB
added 2026/04/09 7:35 p.m.5 views

CVE-2026-34486

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

5.8AI score0.21691EPSS
Exploits6References2Affected Software1
Cvelist
Cvelist
added 2026/04/09 7:21 p.m.45 views

CVE-2026-29146 Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

0.0504EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/09 7:21 p.m.5 views

CVE-2026-29146 Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

5.8AI score0.0504EPSS
Exploits1References1
Rows per page
Query Builder