47 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 16 views

Astra Linux - vulnerability in tomcat9

The “Time-of-Check Time-of-Use” (TOCTOU) race condition vulnerability during JSP compilation in Apache Tomcat allows for a race condition on case-insensitive file systems when the default servlet is enabled for writing (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1...

9.8 CVSS | 7.3 AI score | 0.84587 EPSS
Exploits 12 | References 2
Tenable Nessus
added 2026/01/13 12:0 a.m. | 6 views

MiracleLinux 9 : pki-servlet-engine-9.0.50-1.el9_2.2 (AXSA:2025-10718:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10718:01 advisory. tomcat: RCE due to TOCTOU issue in JSP compilation CVE-2024-50379 Tenable has extracted the preceding description block directly from the MiracleLinux...

9.8 CVSS | 8.5 AI score | 0.84587 EPSS
Exploits 12 | References 2
Tenable Nessus
added 2026/01/13 12:0 a.m. | 10 views

MiracleLinux 8 : tomcat-9.0.87-1.el8_10.3 (AXSA:2025-9846:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9846:02 advisory. tomcat: RCE due to TOCTOU issue in JSP compilation CVE-2024-50379 tomcat: Potential RCE and/or information disclosure and/or information corruption...

10 CVSS | 8.6 AI score | 0.9413 EPSS
Exploits 55 | References 3
Tenable Nessus
added 2026/01/13 12:0 a.m. | 8 views

MiracleLinux 9 : tomcat-9.0.87-2.el9_5.1 (AXSA:2025-9840:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9840:01 advisory. tomcat: RCE due to TOCTOU issue in JSP compilation CVE-2024-50379 tomcat: Potential RCE and/or information disclosure and/or information corruption...

10 CVSS | 8.6 AI score | 0.9413 EPSS
Exploits 55 | References 3
OSV
added 2025/12/01 7:8 p.m. | 3 views

CLSA-2025-1764580671 pki-servlet-engine: Fix of 2 CVEs

CVE-2024-50379: fix TOCTOU vulnerability in JSP compilation to prevent RCE on case insensitive file systems - CVE-2024-38286: fix issue of resource allocation without limits or throttling vulnerability in TLS handshake process - Apply skip-common-daemon patch to remove the commons-daemon.jar copy...

9.8 CVSS | 7.3 AI score | 0.84587 EPSS
Exploits 12 | References 1
Tenable Nessus
added 2025/10/09 12:0 a.m. | 10 views

AlmaLinux 10 : tomcat9 (ALSA-2025:11332)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11332 advisory. tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 tomcat: Apache Tomcat: DoS via malformed HTTP/2...

9.8 CVSS | 7.6 AI score | 0.84587 EPSS
Exploits 17 | References 4
Tenable Nessus
added 2025/10/04 12:0 a.m. | 7 views

RockyLinux 10 : tomcat9 (RLSA-2025:11332)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:11332 advisory. tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 tomcat: Apache Tomcat: DoS via malformed HTTP/2...

9.8 CVSS | 7.6 AI score | 0.84587 EPSS
Exploits 17 | References 5
Rockylinux
added 2025/07/29 1:40 p.m. | 7 views

tomcat security update

An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages...

10 CVSS | 9.2 AI score | 0.9413 EPSS
Exploits 55
OSV
added 2025/07/29 1:40 p.m. | 10 views

RLSA-2025:3645 Moderate: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: RCE due to TOCTOU issue in JSP compilation CVE-2024-50379 tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT CVE-2025-24813 For...

8.6 CVSS | 8.2 AI score | 0.9413 EPSS
Exploits 55 | References 3
RedHat Linux
added 2025/07/17 11:5 a.m. | 8 views

tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...

9.8 CVSS | 7.6 AI score | 0.84587 EPSS
Exploits 12 | References 6
RedHat Linux
added 2025/07/16 3:30 p.m. | 3 views

tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...

9.8 CVSS | 7.6 AI score | 0.84587 EPSS
Exploits 12 | References 6
RedHat Linux
added 2025/07/16 3:25 p.m. | 9 views

tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...

9.8 CVSS | 7.6 AI score | 0.84587 EPSS
Exploits 12 | References 6
RedHat Linux
added 2025/07/16 3:19 p.m. | 4 views

tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...

9.8 CVSS | 7.6 AI score | 0.84587 EPSS
Exploits 12 | References 6
Oracle linux
added 2025/07/16 12:0 a.m. | 12 views

tomcat security update

1:9.0.87-3.el96.1 - Resolves: RHEL-91765 tomcat: DoS via malformed HTTP/2 PRIORITYUPDATE frame CVE-2025-31650 - Resolves: RHEL-71981 tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 1:9.0.87-3 - Resolves: RHEL-82945 tomcat: Potential RCE and/or...

9.8 CVSS | 7.1 AI score | 0.9413 EPSS
Exploits 60
Oracle linux
added 2025/07/16 12:0 a.m. | 12 views

tomcat security update

1:9.0.87-1.el810.4 - Resolves: RHEL-91761 tomcat: DoS via malformed HTTP/2 PRIORITYUPDATE frame CVE-2025-31650 - Resolves: RHEL-71971 tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337...

9.8 CVSS | 7.3 AI score | 0.84587 EPSS
Exploits 17
AlmaLinux
added 2025/07/16 12:0 a.m. | 8 views

Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITYUPDATE frame CVE-2025-3165...

9.8 CVSS | 7.3 AI score | 0.84587 EPSS
Exploits 17 | References 6
OSV
added 2025/07/10 10:45 a.m. | 20 views

BIT-TOMCAT-2024-50379 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0 through 11.0.1, from 10.1.0...

9.8 CVSS | 7.3 AI score | 0.84587 EPSS
Exploits 12 | References 6
RedHat Linux
added 2025/05/08 12:17 p.m. | 3 views

tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...

9.8 CVSS | 7.6 AI score | 0.84587 EPSS
Exploits 12 | References 6
RedHat Linux
added 2025/05/08 12:15 p.m. | 2 views

tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...

9.8 CVSS | 7.6 AI score | 0.84587 EPSS
Exploits 12 | References 6
Tenable Nessus
added 2025/04/13 12:0 a.m. | 12 views

RHEL 8 : tomcat (RHSA-2025:3684)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3684 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: RCE due to TOCTOU...

10 CVSS | 8.6 AI score | 0.9413 EPSS
Exploits 55 | References 7