CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2025/10/07 12:0 a.m.•2 views

Unity Linux 20.1060a / 20.1070a Security Update: tomcat (UTSA-2025-986134)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986134 advisory. Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This wa...

7.5CVSS8.3AI score0.01205EPSS

OSV•added 2025/09/02 3:16 p.m.•2 views

MGASA-2025-0223 Updated tomcat packages fix vulnerabilities

APR/Native Connector crash leading to DoS. CVE-2025-52434 DoS via integer overflow in multipart file upload. CVE-2025-52520 DoS via excessive h2 streams at connection start. CVE-2025-53506 H2 DoS - Made You Reset. CVE-2025-48989...

7.5CVSS7.4AI score0.01247EPSS

Exploits0References6

Tenable Nessus•added 2025/08/27 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2017-15698

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle field...

5.9CVSS6.2AI score0.00431EPSS

RedHat Linux•added 2025/08/20 3:40 p.m.•1 views

tomcat: Apache Tomcat denial of service

A denial of service flaw was found in Apache Tomcat. A race condition during connection closure could trigger a JVM crash when using the APR/Native connector, leading to a denial of service. This issue was particularly noticeable with client-initiated closures of HTTP/2 connections...

RedHat Linux•added 2025/08/20 3:37 p.m.•1 views

tomcat: Apache Tomcat denial of service

RedHat Linux•added 2025/08/20 3:33 p.m.•0 views

tomcat: Apache Tomcat denial of service

Amazon•added 2025/08/04 12:0 a.m.•1 views

Important: tomcat

Issue Overview: Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from...

7.5CVSS7AI score0.01247EPSS

Exploits0

RedHat Linux•added 2025/07/28 1:56 p.m.•0 views

tomcat: Apache Tomcat denial of service

RedHat Linux•added 2025/07/28 1:54 p.m.•1 views

tomcat: Apache Tomcat denial of service

OSV•added 2025/07/25 1:16 p.m.•1 views

OESA-2025-1896 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Concurrent Execution using Shar...

7.5CVSS7AI score0.01247EPSS

OSV•added 2025/07/10 9:31 p.m.•1 views

GHSA-4J3C-42XV-3F84 Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 throug...

8.9CVSS7AI score0.01205EPSS

Exploits0References6

Vulnrichment•added 2025/07/10 7:3 p.m.•2 views

CVE-2025-52434 Apache Tomcat: APR/Native Connector crash leading to DoS

9.5AI score0.01205EPSS

Exploits0References1

Apache Tomcat•added 2025/07/04 12:0 a.m.•21 views

Fixed in Apache Tomcat 9.0.107

Important: APR/Native Connector crash leading to DoS CVE-2025-52434 A race condition on connection close could trigger a JVM crash when using the APR/Native connector leading to a DoS. This was particularly noticeable with client initiated closes of HTTP/2 connections. This was fixed with commit...

7.5CVSS8AI score0.01247EPSS

Exploits0Affected Software1

Snyk•added 2025/06/15 10:0 p.m.•2 views

Race Condition

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Race Condition on connection close when using the APR/Native connector. An attacker could trigger a JVM crash by rapidly opening and closing HTTP/2 connections...

8.9CVSS6.8AI score0.01205EPSS

SUSE CVE•added 2023/02/15 6:9 a.m.•1 views

SUSE CVE-2007-6286

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to...

4.3CVSS7AI score0.10024EPSS

Exploits1References5

SUSE CVE•added 2023/02/15 4:38 a.m.•2 views

SUSE CVE-2017-15698

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates th...

5.4CVSS6.9AI score0.00431EPSS

Tenable Nessus•added 2018/03/09 12:0 a.m.•132 views

Amazon Linux AMI : tomcat-native (ALAS-2018-965)

Mishandling of client certificates can allow for OCSP check bypass : When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip...

5.9CVSS6.3AI score0.00431EPSS

RedHat Linux•added 2018/03/07 3:9 p.m.•4 views

tomcat-native: Mishandling of client certificates can allow for OCSP check bypass

5.9CVSS7.3AI score0.00431EPSS