Lucene search
K

10 matches found

Tenable Nessus
Tenable Nessus
added 2025/05/29 12:0 a.m.10 views

Amazon Linux 2 : tomcat (ALASTOMCAT9-2025-018)

The version of tomcat installed on the remote host is prior to 9.0.104-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2025-018 advisory. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewri...

9.8CVSS7.6AI score0.0418EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2025/05/19 2:42 a.m.29 views

K000151397: Apache Tomcat vulnerabilities CVE-2025-31650, CVE-2025-31651

Security Advisory Description CVE-2025-31650 Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger a...

9.8CVSS7.6AI score0.66933EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2025/05/16 12:0 a.m.21 views

Apache Tomcat 10.1.0-M1 < 10.1.40 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.104, 10.1.0-M1 prior to 10.1.40 or 11.0.0-M1 prior to 11.0.6. It is, therefore, affected by multiple vulnerabilities : - A denial of service via invalid HTTP priority header. CVE-2025-31650 - A rewrite rule bypass...

9.8CVSS9.8AI score0.66933EPSS
Exploits6References3
Tenable Nessus
Tenable Nessus
added 2025/05/16 12:0 a.m.14 views

Apache Tomcat 11.0.0-M1 < 11.0.6 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.104, 10.1.0-M1 prior to 10.1.40 or 11.0.0-M1 prior to 11.0.6. It is, therefore, affected by multiple vulnerabilities : - A denial of service via invalid HTTP priority header. CVE-2025-31650 - A rewrite rule bypass...

9.8CVSS9.8AI score0.66933EPSS
Exploits6References3
Tenable Nessus
Tenable Nessus
added 2025/05/16 12:0 a.m.40 views

Apache Tomcat 9.0.0-M1 < 9.0.104 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.104, 10.1.0-M1 prior to 10.1.40 or 11.0.0-M1 prior to 11.0.6. It is, therefore, affected by multiple vulnerabilities : - A denial of service via invalid HTTP priority header. CVE-2025-31650 - A rewrite rule bypass...

9.8CVSS9.8AI score0.66933EPSS
Exploits6References3
OSV
OSV
added 2025/05/05 4:57 a.m.11 views

MGASA-2025-0145 Updated tomcat packages fix security vulnerabilities

DoS via malformed HTTP/2 PRIORITYUPDATE frame. CVE-2025-31650 Bypass of rules in Rewrite Valve. CVE-2025-31651...

9.8CVSS8.8AI score0.66933EPSS
Exploits6References4
OSV
OSV
added 2025/04/28 7:17 p.m.17 views

CVE-2025-31651 Apache Tomcat: Bypass of rules in Rewrite Valve

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...

9.8CVSS6.9AI score0.0418EPSS
Exploits1References5
Apache Tomcat
Apache Tomcat
added 2025/04/09 12:0 a.m.26 views

Fixed in Apache Tomcat 11.0.6

Low: Rewrite rule bypass CVE-2025-31651 For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This was fixed with...

9.8CVSS7.3AI score0.66933EPSS
Exploits6Affected Software1
Apache Tomcat
Apache Tomcat
added 2025/04/08 12:0 a.m.65 views

Fixed in Apache Tomcat 9.0.104

Note: The issues below were fixed in Apache Tomcat 9.0.103 but the release vote for the 9.0.103 release candidate did not pass. Therefore, although users must download 9.0.104 to obtain a version that includes a fix for these issues, version 9.0.103 is not included in the list of affected version...

9.8CVSS7.7AI score0.66933EPSS
Exploits6Affected Software1
Apache Tomcat
Apache Tomcat
added 2025/04/08 12:0 a.m.45 views

Fixed in Apache Tomcat 10.1.40

Low: Rewrite rule bypass CVE-2025-31651 For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This was fixed with...

9.8CVSS7.3AI score0.66933EPSS
Exploits6Affected Software1
Rows per page
Query Builder