EUVD-2023-2799

Malicious code in bioql PyPI...

SUSE SLES15 Security Update : python-aiohttp (SUSE-SU-2025:03201-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03201-1 advisory. - CVE-2025-53643: request smuggling vulnerability due to incorrect parsing trailer sections of an HTTP request bsc1246517. Tenable has...

SUSE CVE-2023-45648

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomca...

USN-7106-1 tomcat9 vulnerabilities

It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with requests from a reverse proxy. An attacker could possibly use this issue to leak sensitive information. CVE-2023-28708 It was discovered that Tomcat had a vulnerability in its...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Tomcat vulnerabilities (USN-7106-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7106-1 advisory. It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with request...

USN-7032-1: Tomcat vulnerability

It was discovered that Tomcat incorrectly handled HTTP trailer headers. A remote attacker could possibly use this issue to perform HTTP request smuggling...

Oracle Linux 9 : tomcat (ELSA-2024-1134)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1134 advisory. 1:9.0.62-37.el93.2 - Resolves: 2252050 HTTP request smuggling via malformed trailer headers CVE-2023-46589 Tenable has extracted the preceding description block...

BIT-TOMCAT-2023-45648 Apache Tomcat: Trailer header parsing too lenient

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0 through 11.0.0, from 10.1.0 through 10.1.13, from 9.0.0 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a...

SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2024:0472-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0472-1 advisory. - Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache...

Rocky Linux 8 : tomcat (RLSA-2024:0539)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:0539 advisory. - Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82...

CLSA-2024-1707420277 Fix CVE(s): CVE-2023-46589

SECURITY UPDATE: Incorrect parsing of HTTP trailer headers - debian/patches/CVE-2023-46589.patch: Ensure IOException on request read always triggers error handling - CVE-2023-46589 Internal tests: - debian/patches/0100-stop-testing-if-a-failure-occurs.patch: Stop testing if a failure occurs -...

Oracle Linux 8 : tomcat (ELSA-2024-0539)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0539 advisory. 1:9.0.62-27.3 - tomcat: HTTP request smuggling via malformed trailer headers CVE-2023-46589 Tenable has extracted the preceding description block directly from...

AlmaLinux 8 : tomcat (ALSA-2024:0539)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0539 advisory. - Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 a...

RHEL 8 : tomcat (RHSA-2024:0539)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0539 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: HTTP request smuggling via...

ALSA-2024:0474 Moderate: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Open Redirect vulnerability in FORM authentication CVE-2023-41080 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42794 tomcat: improper...

SUSE SLES12 Security Update : tomcat (SUSE-SU-2024:0206-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0206-1 advisory. - Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from...

Amazon Linux AMI : tomcat8 (ALAS-2024-1909)

The version of tomcat8 installed on the remote host is prior to 8.5.96-1.96. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1909 advisory. Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.1...

Medium: tomcat8

Issue Overview: Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header siz...

Moderate: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Open Redirect vulnerability in FORM authentication CVE-2023-41080 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42794 tomcat: improper...

Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2024-471)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-471 advisory. Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not...