64 matches found
BIT-TOMCAT-2026-55957 Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind
Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0 through 11.0.4, from 10.1.0 through...
Apache Tomcat 9.0.0.M1 < 9.0.102
The version of Tomcat installed on the remote host is prior to 9.0.102. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.102security-9 advisory. - Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to...
Missing Critical Step in Authentication
Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the JNDIRealm process when configured to authenticate binds using GSSAPI. An attacker can...
Missing Critical Step in Authentication
Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the JNDIRealm process when configured to...
Missing Critical Step in Authentication
Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the JNDIRealm process when configured to authenticate binds using GSSAPI. An attacker can gain unauthorized access by...
CVE-2026-55957
Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...
CVE-2026-55957 Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind
Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...
Astra Linux – Vulnerability in Tomcat9
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protections provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...
Unity Linux 20.1060e / 20.1070e Security Update: tomcat (UTSA-2026-017519)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017519 advisory. A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection...
EUVD-2021-1533
Malware in sbrugna...
Apache Tomcat 9.0.0.M1 < 9.0.46
The version of Tomcat installed on the remote host is prior to 9.0.46. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.46security-9 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a val...
Apache Tomcat 8.5.0 < 8.5.66
The version of Tomcat installed on the remote host is prior to 8.5.66. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.66security-8 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a val...
BIT-TOMCAT-2021-30640 Auth weakness in JNDIRealm
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0 to 10.0.5; 9.0.0 to 9.0.45; 8.5.0 to 8.5.65...
Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2024-017)
The version of tomcat installed on the remote host is prior to 8.5.69-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2024-017 advisory. 2024-02-15: CVE-2021-30640 was added to this advisory. 2024-02-15: CVE-2021-33037 was added to this advisory. A...
Important: tomcat
Issue Overview: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to...
Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-007)
The version of tomcat installed on the remote host is prior to 8.5.69-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-007 advisory. A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid...
Medium: tomcat
Issue Overview: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to...
K35033051: Tomcat vulnerability CVE-2021-30640
Security Advisory Description A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45...
SUSE CVE-2021-30640
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...
GLSA-202208-34 : Apache Tomcat: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202208-34 Apache Tomcat: Multiple Vulnerabilities - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited...