Lucene search
K

64 matches found

OSV
OSV
added 3 days ago4 views

BIT-TOMCAT-2026-55957 Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0 through 11.0.4, from 10.1.0 through...

7.3CVSS6AI score0.00462EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.10 views

Apache Tomcat 9.0.0.M1 < 9.0.102

The version of Tomcat installed on the remote host is prior to 9.0.102. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.102security-9 advisory. - Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to...

7.3CVSS6AI score0.00462EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/29 10:23 p.m.5 views

Missing Critical Step in Authentication

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the JNDIRealm process when configured to authenticate binds using GSSAPI. An attacker can...

9.3CVSS5.8AI score0.00462EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 10:23 p.m.4 views

Missing Critical Step in Authentication

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the JNDIRealm process when configured to...

9.3CVSS5.8AI score0.00462EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 10:23 p.m.4 views

Missing Critical Step in Authentication

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the JNDIRealm process when configured to authenticate binds using GSSAPI. An attacker can gain unauthorized access by...

9.3CVSS5.8AI score0.00462EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 9:16 p.m.12 views

CVE-2026-55957

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

7.3CVSS0.00462EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 8:47 p.m.49 views

CVE-2026-55957 Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

0.00462EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Tomcat9

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protections provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...

6.5CVSS6.7AI score0.09886EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: tomcat (UTSA-2026-017519)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017519 advisory. A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection...

6.5CVSS6.9AI score0.09886EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-1533

Malware in sbrugna...

6.5CVSS7.6AI score0.09886EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2024/05/23 12:0 a.m.32 views

Apache Tomcat 9.0.0.M1 < 9.0.46

The version of Tomcat installed on the remote host is prior to 9.0.46. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.46security-9 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a val...

6.5CVSS7.4AI score0.09886EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2024/05/23 12:0 a.m.26 views

Apache Tomcat 8.5.0 < 8.5.66

The version of Tomcat installed on the remote host is prior to 8.5.66. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.66security-8 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a val...

6.5CVSS7.4AI score0.09886EPSS
Exploits0References11
OSV
OSV
added 2024/03/06 11:10 a.m.35 views

BIT-TOMCAT-2021-30640 Auth weakness in JNDIRealm

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0 to 10.0.5; 9.0.0 to 9.0.45; 8.5.0 to 8.5.65...

6.5CVSS6.8AI score0.09886EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2024/02/06 12:0 a.m.40 views

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2024-017)

The version of tomcat installed on the remote host is prior to 8.5.69-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2024-017 advisory. 2024-02-15: CVE-2021-30640 was added to this advisory. 2024-02-15: CVE-2021-33037 was added to this advisory. A...

6.5CVSS7.3AI score0.75353EPSS
Exploits4References8
Amazon
Amazon
added 2024/02/05 12:0 a.m.8 views

Important: tomcat

Issue Overview: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to...

6.5CVSS6.9AI score0.75353EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.34 views

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-007)

The version of tomcat installed on the remote host is prior to 8.5.69-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-007 advisory. A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid...

6.5CVSS7.4AI score0.75353EPSS
Exploits1References6
Amazon
Amazon
added 2023/09/25 12:0 a.m.5 views

Medium: tomcat

Issue Overview: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to...

6.5CVSS6.9AI score0.75353EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.160 views

K35033051: Tomcat vulnerability CVE-2021-30640

Security Advisory Description A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45...

6.5CVSS7.8AI score0.09886EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:41 a.m.3 views

SUSE CVE-2021-30640

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...

6.5CVSS7.6AI score0.09886EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2022/08/25 12:0 a.m.79 views

GLSA-202208-34 : Apache Tomcat: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202208-34 Apache Tomcat: Multiple Vulnerabilities - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited...

7.5CVSS7AI score0.75353EPSS
Exploits16References12
Rows per page
Query Builder