38 matches found
OESA-2026-1651 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Improper Input Validation...
SUSE-SU-2026:0932-1 Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371). - CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385). - CVE-2026-24734: certificate revocation bypas...
SUSE-SU-2026:0922-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385)...
Apache Tomcat 11.0.0.M1 < 11.0.15 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 11.0.15. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_11.0.15_security-11 advisory. - Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through...
CVE-2026-24733
Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification inval...
Apache Tomcat Input Validation Error Vulnerability
Apache Tomcat is a lightweight Web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Pages (JSP) technologies. Versions of Apache Tomcat 11.0.14 and earlier, 10.1.49 and earlier, as well as 9.0.112 and earlier, have a vulnerability related...
Fixed in Apache Tomcat 10.1.50
Low: Security constraint bypass CVE-2026-24733 Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification invalid HEAD...
EUVD-2016-5745
Malware in sbrugna...
EUVD-2018-0544
Malware in sbrugna...
K21054458: Eclipse Jetty vulnerability CVE-2017-7656
Security Advisory Description: In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9...
FreeBSD : zeek -- potential DoS vulnerabilities (2b5fc9c4-eaca-46e0-83d0-9b10c51c4b1b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2b5fc9c4-eaca-46e0-83d0-9b10c51c4b1b advisory. - Tim Wojtulewicz of Corelight reports: A missing field in the SMB FSControl script-land record could...
F5 Networks BIG-IP : Eclipse Jetty vulnerability (K21054458)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K21054458 advisory. In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration wit...
Mozilla Firefox XSS Vulnerability (CVE-2011-3656) - Linux
Mozilla Firefox is prone to a cross-site scripting (XSS) vulnerability.
CVE-2011-3656
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing...
CVE-2011-3656
CVE-2011-3656 affects Mozilla Firefox up to version 3.6.24 and 4.x through 7, with a Cross-Site Scripting (XSS) flaw that allows remote attackers to inject arbitrary script or HTML via HTTP 0.9 error handling, non-default ports, and content-sniffing. The provided documents consistently describe t...
CVE-2017-7656
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a...