Apache Tomcat 11.0.0.M1 < 11.0.15 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 11.0.15. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat11.0.15security-11 advisory. - Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through...

Fixed in Apache Tomcat 10.1.50

Low: Security constraint bypass CVE-2026-24733 Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification invalid HEAD...