5 matches found
CLSA-2026-1769701085 pki-servlet-engine: Fix of CVE-2025-31651
CVE-2025-31651: fix improper neutralization of escape, meta or control sequences to avoid bypassing rewrite rules...
CLSA-2025-1761576180 Fix CVE(s): CVE-2025-31651
SECURITY UPDATE: Bypassing of some rewrite rules by a specially crafted request - debian/patches/CVE-2025-31651.patch: better handling of URLs - CVE-2025-31651...
Medium: tomcat
Issue Overview: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security...
Important: tomcat9
Issue Overview: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException...
UBUNTU-CVE-2025-31651
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...