Lucene search
K

11 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.10 views

Apache Tomcat 11.0.0.M1 < 11.0.5

The version of Tomcat installed on the remote host is prior to 11.0.5. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat11.0.5security-11 advisory. - Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to...

7.3CVSS6AI score0.00462EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Apache Tomcat 10.1.0.M1 < 10.1.39

The version of Tomcat installed on the remote host is prior to 10.1.39. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.39security-10 advisory. - Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to...

7.3CVSS6AI score0.00462EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 9:16 p.m.10 views

DEBIAN-CVE-2026-55957

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

7.3CVSS5.7AI score0.00462EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 9:16 p.m.3 views

UBUNTU-CVE-2026-55957

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

7.3CVSS5.7AI score0.00462EPSS
Exploits0References7
CVE
CVE
added 2026/06/29 8:47 p.m.102 views

CVE-2026-55957

CVE-2026-55957 describes an authentication bypass in Apache Tomcat when JNDIRealm is configured to authenticate binds using GSSAPI, allowing attackers to authenticate without the correct password. Affected releases include Tomcat 11.0.0-M1–11.0.4, 10.1.0-M1–10.1.36, 9.0.0.M1–9.0.100, 8.5.0–8.5.10...

7.3CVSS5.7AI score0.00462EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/29 8:47 p.m.8 views

CVE-2026-55957

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

7.3CVSS5.7AI score0.00462EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.9 views

PT-2026-53746

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.4 Apache Tomcat versions 10.1.0-M1 through 10.1.36 Apache Tomcat versions 9.0.0.M1 through 9.0.100 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions 7.0.0 through 7.0.109...

7.3CVSS5.8AI score0.00462EPSS
Exploits0References13
Redos
Redos
added 2025/04/24 12:0 a.m.10 views

ROS-20250424-14

Vulnerability in Apache Tomcat application server's JNDIRealm module implementation is related to flaws in the authentication mechanism. authentication mechanism. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information. Unauthorized...

6.5CVSS7.1AI score0.09886EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/04/04 12:0 a.m.18 views

SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2025:1126-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1126-1 advisory. - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 - Update t...

10CVSS7.1AI score0.99945EPSS
Exploits58References7
Tenable Nessus
Tenable Nessus
added 2025/03/27 12:0 a.m.21 views

SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2025:1024-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1024-1 advisory. - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 Other fixe...

10CVSS7.8AI score0.99945EPSS
Exploits58References7
Cvelist
Cvelist
added 2021/07/12 2:55 p.m.36 views

CVE-2021-30640 Auth weakness in JNDIRealm

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...

7.1AI score0.09886EPSS
Exploits0References9
Rows per page
Query Builder