24 matches found
Astra Linux - vulnerability in tomcat9
A vulnerability exists in Apache Tomcat where an unchecked error condition can occur. If Tomcat is configured to use a custom Jakarta Authentication ServerAuthContext component, exceptions may be thrown during the authentication process without an explicit HTTP status indicating failure. As a...
CLSA-2026-1776163133 tomcat: Fix of 3 CVEs
CVE-2024-52316: fix unchecked error condition in Jakarta Authentication JASPIC ServerAuthContext - CVE-2025-46701: fix case sensitivity bypass in CGI servlet pathInfo - CVE-2025-55754: add escaping to logging output for ANSI sequences...
EUVD-2024-3331
Malicious code in bioql PyPI...
BIT-TOMCAT-2024-52316 Apache Tomcat: Authentication bypass when using Jakarta Authentication API
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...
tomcat: Apache Tomcat: Authentication bypass when using Jakarta Authentication API
A flaw was found in Apache Tomcat when configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component. This vulnerability allows authentication bypass via improperly handled exceptions during the authentication process...
tomcat: Apache Tomcat: Authentication bypass when using Jakarta Authentication API
A flaw was found in Apache Tomcat when configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component. This vulnerability allows authentication bypass via improperly handled exceptions during the authentication process...
tomcat: Apache Tomcat: Authentication bypass when using Jakarta Authentication API
A flaw was found in Apache Tomcat when configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component. This vulnerability allows authentication bypass via improperly handled exceptions during the authentication process...
SUSE CVE-2024-52316
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...
Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.97 Fixed CVEs: CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status bsc1233434 Catalina Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints. markt Add: 55470:...
SUSE-SU-2024:4105-1 Security update for tomcat10
This update for tomcat10 fixes the following issues: - Update to Tomcat 10.1.33 Fixed CVEs: + CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status bsc1233434 Catalina + Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints. markt +...
MGASA-2024-0379 Updated tomcat packages fix security vulnerabilities
Authentication bypass when using Jakarta Authentication API. CVE-2024-52316 Incorrect JSP tag recycling leads to XSS. CVE-2024-52318...
Security update for tomcat
This update for tomcat fixes the following issues: CVE-2024-52316: Fixed an authentication bypass when using Jakarta Authentication API bsc1233434. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...
Apache Tomcat 10.1.0-M1 < 10.1.31 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host 9.0.0-M1 to 9.0.95, 10.1.0-M1 to 10.1.30 or 11.0.0-M1 to 11.0.0-M26. It is, therefore, affected by multiple vulnerabilities: - If Tomcat was configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component whi...
Apache Tomcat 9.0.0-M1 < 9.0.96 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host 9.0.0-M1 to 9.0.95, 10.1.0-M1 to 10.1.30 or 11.0.0-M1 to 11.0.0-M26. It is, therefore, affected by multiple vulnerabilities: - If Tomcat was configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component whi...
CVE-2024-52316
A flaw was found in Apache Tomcat when configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component. This vulnerability allows authentication bypass via improperly handled exceptions during the authentication process...
GHSA-XCPR-7MR4-H4XQ Apache Tomcat - Authentication Bypass
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...
Apache Tomcat - Authentication Bypass
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...
DEBIAN-CVE-2024-52316
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...
UBUNTU-CVE-2024-52316
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...
CVE-2024-52316 Apache Tomcat: Authentication bypass when using Jakarta Authentication API
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...